Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-2961

Published: 8 September 2010

mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.

From the Ubuntu Security Team

Alasdair MacGregor discovered that mountall created a udev rule file with world-writable permissions. A local attacker could exploit this under certain conditions to cause udev to execute arbitrary commands as the root user.

Notes

AuthorNote
kees 
luckily, udev doesn't use inotify on this directory at boot time, so
udev needs to be reloaded before this is really ugly.

Priority

High

Status

Package Release Status
mountall
Launchpad, Ubuntu, Debian 		dapper Does not exist

hardy Does not exist

jaunty Does not exist

karmic Not vulnerable

lucid
Released (2.15.2)
upstream Needs triage

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading