[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Linux Security FAQ Update

Title: Linux Security FAQ Update
Released by:
Date: 24th October 1996
Printable version: Click here

$Id: mount-umount,v 1.5 1996/10/24 21:17:29 alex Exp $

                          Linux Security FAQ Update

                       mount/umount Vulnerability v1.5

                        Thu Oct 24 17:15:10 EDT 1996

   Copyright (C) 1995,1996 Alexander O. Yuriev (alex@bach.cis.temple.edu)

                              CIS Laboratories

                             TEMPLE  UNIVERSITY



 This is an official Update of the Linux Security FAQ, and it is supposed to

                be signed by one of the following PGP keys:


     pub  1024/9ED505C5 1995/12/06 Jeffrey A. Uphoff 

                  Jeffrey A. Uphoff       

           1024/EFE347AD 1995/02/17 Olaf Kirch 

 1024/ADF3EE95 1995/06/08 Linux Security FAQ Primary Key 

    Unless you are able to verify at least one of signatures, please be very

                    careful when following instructions.

   Linux Security WWW: http://bach.cis.temple.edu/linux/linux-security

             linux-security & linux-alert mailing list archives:




LOG ( This section is maintained by Revision Control System )

$Log: mount-umount,v $

Revision 1.5  1996/10/24 21:17:29  alex

Tarsier's URL fixed

Revision 1.4  1996/10/24 00:32:42  alex

Red Hat URLs updated per CERT's request



        This update fixes several URLs of the Linux Security FAQ Update#13

        "mount/umount vulnerability" dated Tue Sep Wed Oct 23 20:09:59 EDT

        1996. There are no major updates to the text of the document.


        A vulnerability exists in the mount/umount programs of the

        util-linux 2.5 package. If installed suid-to-root, these programs

        allow local users to gain super-user privileges.


        Local users can gain root privileges. The exploits that exercise

        this vulnerability were made available.


        mount/umount utilities from the util-linux 2.5 suffer from the

        buffer overrun problem. Installing mount/umount as suid-to-root

        programs is necessary to allow local users to mount and unmount

        removable media without having super-user privileges. If this

        feature is not required, it is recommended that suid bit is removed

        from both mount and umount programs. If this feature is required,

        one might want to consider the other ways of implementing it. Such

        approaches include but are not limited to using auto-mounter or sudo



                Red Hat Commercial Linux

                        RedHat 2.1, RedHat 3.0.3 (Picasso) and RedHat 3.0.4

                        (Rembrandt) contain vulnerable umount utilities.

                        Red Hat Software advises users of Red Hat 2.1 to

                        upgrade to Red Hat 3.0.3 (Picasso)

                        The replacement RPMs are available from the

                        following URLs:

                        Red Hat Linux 3.0.3 (Picasso) i386 architecture







                        RedHat Linux 3.0.3 (Picasso) Alpha architecture







                        RedHat Linux 3.0.4 Beta (Rembrandt) i386 architecture 



                        RedHat Linux 3.0.4 Beta (Rembrandt) SPARC architecture 



                        Please verify the MD5 fingerprint of the RPMs

                        prior to installing them.

ad9b0628b6af9957d7b5eb720bbe632b  mount-2.5k-1.axp.rpm

12cb19ec4b3060f8d1cedff77bda7c05  util-linux-2.5-11fix.axp.rpm

26506a3c0066b8954d80deff152e0229  mount-2.5k-1.i386.rpm

f48c6bf901dd5d2c476657d6b75b12a5  util-linux-2.5-11fix.i386.rpm

7337f8796318f3b13f2dccb4a8f10b1a  mount-2.5k-2.i386.rpm

e68ff642a7536f3be4da83eedc14dd76  mount-2.5k-2.sparc.rpm

                        The Red Hat Software Inc notes that the only

                        difference between mount-2.5k-1 and mount-2.5k-2 is

                        in the packaging format.

                        Please note that due to the release of Red Hat 4.0,

                        the FTP site of Red Hat Software removed fixes for

                        a beta release of Rembrandt.

                Caldera Network Desktop 

                        Caldera Network Desktop version 1.0 contains

                        vulnerable mount and umount programs.

                        Caldera Inc issued Caldera Security Advisory 96.04

                        where it recommends removing setuid bit from

                        mount and umount commands using command

                                chmod 755 /bin/mount /bin/umount.


                        Users of Caldera Network Desktop 1.0 upgraded to

                        RedHat 3.0.3 (Picasso) are advised to follow the

                        instructions in the Red Hat Commercial Linux section

                        of this LSF Update.


                        Debian/GNU Linux 1.1 contains the vulnerable

                        mount/umount programs. The Debian Project provided

                        the information that an updated package fixes this


                        The fix-kit can be obtained from the following URLs:




                        Please verify the MD5 signature of the RPM prior

                        to installing the fix-kit

                        6672530030f9a6c42451ace74c7510ca  mount_2.5l-1.deb

                        WARNING: The message that contained information

                        about MD5 hash of the mount_2.5l-1.deb package was

                        not signed. We were unable to verify the integrity

                        of the message.



                        There is no official information available about

                        vulnerability of Slackware 3.0 or Slackware 3.1

                        distributions from distribution maintainer.

                        The testing indicates that both Slackware 3.0 and

                        Slackware 3.1 distributions contains the vulnerable

                        mount and umount programs.

                        Until the official fix-kit for Slackware 3.0 and 3.1

                        becomes available system administrators are advised

                        to follow the instructions in the Other Linux

                        Distributions section of this LSF Update


                        Yggdrasil Computing Inc neither confirmed not denied

                        vulnerability of Plug and Play Fall'95 Linux.

                        The testing indicates that Plug and Play Fall'95

                        Linux distribution contains the vulnerable mount

                        and umount program.

                        Until the official fix-kit for Yggdrasil Plug and

                        Play Linux becomes available system administrators

                        are advised to follow the instructions in the Other

                        Linux Distributions section of this LSF Update

                Other Linux Distributions

                        It is believed at this moment that all Linux

                        distributions using util-linux version 2.5 or prior

                        to that contain the vulnerable mount and umount 


                        Administrators of systems based on distributions

                        not listed in this LSF Update or distributions that

                        do not have fix-kits available at the moment are

                        urged to contact their support centers requesting

                        the fix-kits to be made available to them. 

                        In order to prevent the vulnerability from being

                        exploited in the mean time, it is recommended that

                        the suid bit is removed from mount and umount

                        programs using command

                                chmod u-s /bin/mount /bin/umount

                        Until the official fix-kits are available for those

                        systems, it is advised that system administrators

                        obtain the source code of fixed mount program used

                        in Debian/GNU Linux 1.1, compile it and replace the

                        vulnerable binaries.

                        The URLs for the source code of the Debian/GNU Linux

                        1.1 package which fixes the security problem of

                        mount utility can be obtained from the following





                        Warning: We did not receive MD5 hash of the 

                        mount_2.5l-1.tar.gz file.


        This LSF Update is based on the information originally posted to

        linux-alert. The information on the fix-kit for Red Hat commercial

        Linux was provided by Elliot Lee (sopwith@redhat.com) of Red Hat

        Software Inc,; for the Caldera Network Desktop by Ron Holt of

        Caldera Inc.; for Debian/GNU Linux 1.1 by Guy Maor



Version: 2.6.2







(C) 1999-2000 All rights reserved.