Fluid Attacks Database

Description

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	util-linux	>=0 <2.12p-8	2.12p-8
debian 11	util-linux	>=0 <2.12p-8	2.12p-8
debian 14	util-linux	>=0 <2.12p-8	2.12p-8
debian 12	util-linux	>=0 <2.12p-8	2.12p-8

Aliases

1. CVE-2005-28762. NVD-2005-28763. OSV-DEBIAN-2005-28764. OSV-2005-28765. SECURITY-TRACKER-CVE-2005-2876

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.