A vulnerability affected the util-linux package have been reported on Secunai. It can potentially be exploited by malicious local users to perform certain actions with escalated privileges.
A vulnerability affecting the util-linux package has been reported on Secunia. It can potentially be exploited by malicious local users to perform certain actions with escalated privileges.
Util-linux is a suite of essential utilities that can be found in many Linux systems. While not particularly serious, especially for privately maintained servers, there might be repercussions for hosting companies that allow shell access.
The vulnerability is caused due to the mount and umount programs incorrectly checking the return values of the "setuid()" and "setgid()" functions when dropping privileges. This can potentially be exploited to perform certain actions with escalated privileges via e.g. the mount.nfs utility.
The report has been filed for version 2.12r of util-linux. Other versions may also be affected.