PT-2005-1061 · None+1 · Util-Linux+1

David Watson · Published 2005-09-13 · Updated 2018-10-19 · CVE-2005-2876

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

util-linux versions 2.8 through 2.12q
util-linux versions 2.13-pre1 through 2.13-pre2
Red Hat Enterprise Linux (affected versions not specified)

Description

The issue concerns multiple vulnerabilities in the util-linux package and Red Hat Enterprise Linux that can be exploited locally to compromise the confidentiality, integrity, and availability of protected information. Exploitation goes through umount in util-linux: local users with unmount permissions can gain privileges via the -r (remount) option. This option causes the file system to be remounted with just the read-only flag, effectively clearing the nosuid, nodev, and other flags.
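
One way to check a host for the state this description implies, as an added example (not part of the advisory or of util-linux): it compares the flags /etc/fstab requests for user-mountable entries with the live mount table and reports mounts that have lost nosuid or nodev, noting whether they are read-only. The function names and the sample tables are constructed for illustration.

```python
# Added example: flag-drift check for CVE-2005-2876. Sample tables are constructed.
USER_OPTS = {"user", "users", "owner", "group"}  # let non-root users (un)mount
IMPLIED = {"nosuid", "nodev"}                    # implied by every USER_OPTS entry
NEGATES = {"suid": "nosuid", "dev": "nodev"}     # later options may override

def parse(text):
    """Map mount point -> ordered option list (fstab and /proc/mounts layout)."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and not fields[0].startswith("#"):
            table[fields[1]] = fields[3].split(",")
    return table

def expected_flags(opts):
    """Restrictive flags fstab requests, applying options left to right."""
    want = set()
    for opt in opts:
        if opt in USER_OPTS:
            want |= IMPLIED
        elif opt in IMPLIED:
            want.add(opt)
        elif opt in NEGATES:
            want.discard(NEGATES[opt])
    return want

def find_drift(fstab_text, mounts_text):
    """Return (mount point, missing flags, is read-only) per drifted mount."""
    live = parse(mounts_text)
    findings = []
    for mnt, opts in parse(fstab_text).items():
        if mnt in live and USER_OPTS & set(opts):
            missing = expected_flags(opts) - set(live[mnt])
            if missing:
                findings.append((mnt, sorted(missing), "ro" in live[mnt]))
    return findings

SAMPLE_FSTAB = """\
/dev/fd0   /mnt/floppy  vfat     noauto,user            0 0
/dev/cdrom /mnt/cdrom   iso9660  noauto,user,ro         0 0
/dev/sdb1  /mnt/usb     vfat     noauto,user,exec,suid  0 0
"""
SAMPLE_MOUNTS = """\
/dev/fd0 /mnt/floppy vfat ro 0 0
/dev/cdrom /mnt/cdrom iso9660 ro,nosuid,nodev,noexec 0 0
/dev/sdb1 /mnt/usb vfat rw,nodev 0 0
"""
if __name__ == "__main__":
    print(find_drift(SAMPLE_FSTAB, SAMPLE_MOUNTS))
```

On a real host, pass the contents of /etc/fstab and /proc/mounts; a finding with the read-only flag set matches the remount state described above.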

Recommendations

For util-linux versions 2.8 through 2.12q and 2.13-pre1 through 2.13-pre2, consider disabling the -r (remount) option in umount to prevent privilege escalation. For Red Hat Enterprise Linux, there is currently no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-06016
BDU:2015-06017
BDU:2015-06018
BDU:2015-06019
BDU:2015-06075
CVE-2005-2876
DSA-823-1
DSA-825-1
RHSA-2005:782
RHSA-2005_782

Affected Products

Red Hat
Util-Linux