Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2005-2876

Published: Sep 13, 2005 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2005-2876
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.

Affected Software

Name Vendor Start Version End Version
Util-linux Andries_brouwer 2.8.1_alpha (including) 2.8.1_alpha (including)
Util-linux Andries_brouwer 2.8_12 (including) 2.8_12 (including)
Util-linux Andries_brouwer 2.9i (including) 2.9i (including)
Util-linux Andries_brouwer 2.9w (including) 2.9w (including)
Util-linux Andries_brouwer 2.10f (including) 2.10f (including)
Util-linux Andries_brouwer 2.10m (including) 2.10m (including)
Util-linux Andries_brouwer 2.10p (including) 2.10p (including)
Util-linux Andries_brouwer 2.11f (including) 2.11f (including)
Util-linux Andries_brouwer 2.11n (including) 2.11n (including)
Util-linux Andries_brouwer 2.11q (including) 2.11q (including)
Util-linux Andries_brouwer 2.11r (including) 2.11r (including)
Util-linux Andries_brouwer 2.11w (including) 2.11w (including)
Util-linux Andries_brouwer 2.11x (including) 2.11x (including)
Util-linux Andries_brouwer 2.11y (including) 2.11y (including)
Util-linux Andries_brouwer 2.11z (including) 2.11z (including)
Util-linux Andries_brouwer 2.12a (including) 2.12a (including)
Util-linux Andries_brouwer 2.12b (including) 2.12b (including)
Util-linux Andries_brouwer 2.12i (including) 2.12i (including)
Util-linux Andries_brouwer 2.12j (including) 2.12j (including)
Util-linux Andries_brouwer 2.12k (including) 2.12k (including)
Util-linux Andries_brouwer 2.12o (including) 2.12o (including)
Util-linux Andries_brouwer 2.12p (including) 2.12p (including)
Util-linux Andries_brouwer 2.12q (including) 2.12q (including)
Util-linux Andries_brouwer 2.13_pre1 (including) 2.13_pre1 (including)
Util-linux Andries_brouwer 2.13_pre2 (including) 2.13_pre2 (including)
Red Hat Enterprise Linux 3 RedHat util-linux-0:2.11y-31.11 *
Red Hat Enterprise Linux 4 RedHat util-linux-0:2.12a-16.EL4.12 *
Loop-aes-utils Ubuntu dapper *
Loop-aes-utils Ubuntu devel *
Loop-aes-utils Ubuntu edgy *
Loop-aes-utils Ubuntu feisty *
Util-linux Ubuntu dapper *
Util-linux Ubuntu devel *
Util-linux Ubuntu edgy *
Util-linux Ubuntu feisty *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use