The remount option (-r) of umount(8) may allow a local unprivileged user who has privileges to unmount a filesystem the ability to gain additional privileges, such as removing the "nosuid" flag from a filesystem.

This issue is described in the following document:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2876

This issue can occur in the following releases:

Linux Platform

• Sun Java Desktop System (JDS) Release 2 without the updated RPMs (patch-10488)

Notes:

1. Sun Java Desktop System (JDS) release 2003 is no longer under entitlement.
2. The described issue only occurs with util-linux versions util-linux-2.11u-134 or earlier.

To determine if unprivileged local users have privileges to umount(8) a filesystem, check the "/etc/fstab" (see fstab(5)) file for the presence of the "user" mount option. For example:

    $ grep user /etc/fstab
    /dev/fd0  	/media/floppy  auto  rw,noauto,user,sync  0 0

To determine the release of JDS for Linux installed on a system, the following command can be used:

    % cat /etc/sun-release    
    Sun Java Desktop System, Release 2 -build 10b (GA)
    Assembled 30 March 2004

To determine the version of util-linux, the following command can be used:

    % rpm -qf  /bin/umount
    util-linux-2.11u-135

There are no predictable symptoms that would indicate the described issue has been exploited.

There is no workaround. Please see the "Resolution" section below.

This issue is addressed in the following releases:

Linux

• Sun Java Desktop System (JDS) Release 2 with the updated RPMs (patch-10488)

To download and install the updated RPMs from the update servers select the following from the menu:

    Launch >> Applications >> System Tools >> Online Update

For more information on obtaining updates see:

• http://wwws.sun.com/software/javadesktopsystem/faq.html#5q5
• http://wwws.sun.com/software/javadesktopsystem/faq.html#5q7

This solution has no attachment