FUSE-based exploit that leverages a flaw in fs/namespace.c where it does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges. Linux kernels through 3.16.1 are affected.
ceef8a818b79311e115302eccab949f8c476aa0ed6a6fea5f7d2e42f47c9b9b1Ubuntu Security Notice 2317-1 - Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. Various other issues were also addressed.
891094f08750c7ff1ccc2f3aa4fe734c4fae78b401f90a2713af74ba81869398Ubuntu Security Notice 2318-1 - Eric W. Biederman discovered a flaw with the mediation of mount flags in the Linux kernel's user namespace subsystem. An unprivileged user could exploit this flaw to by-pass mount restrictions, and potentially gain administrative privileges. Kenton Varda discovered a flaw with read-only bind mounds when used with user namespaces. An unprivileged local user could exploit this flaw to gain full write privileges to a mount that should be read only. Various other issues were also addressed.
ac47389034e16265b91f850754f4d17ed121b6517b8fb5a79f805b8139d46dff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed