Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: Various Flavours :: mount2.htm

EWS-UX/V, UP-UX, UX/4800 "nosuid" mount - invoke commands as other users, possible root comp.



Vulnerability

    "nosuid" mount

Affected

    EWS-UX/V(Rel4.2) R7.x - R10.x
    EWS-UX/V(Rel4.2MP) R10.x
    UP-UX/V(Rel4.2MP) R5.x - R7.x
    UX/4800 R11.x - 12.1

Description

    Following info is based on NEC Corporation Security Bulletin.  NEC
    Corporation  has  identified  and  corrected  a  problem  with the
    "nosuid" mount(1) option.  The "nosuid" mount(1) option  nullifies
    the effect  of setuid  and setgid  bits for  files on a particular
    file system.  This problem manifests itself by allowing setuid and
    setgid program execution on file systems mounted with "nosuid".

    By exploiting this vulnerability, local users can invoke  commands
    as other  users and  possibly achieve  root privileges  to execute
    arbitrary commands.

Solution

    The patches listed below  change the way execution  privileges are
    calculated so that setuid and setgid bits are correctly ignored on
    file systems mounted with the "nosuid" option.  Patches are:

        OS version                      Patch ID
        ----------                      --------
        EWS-UX/V(Rel4.2) R7.x           NECe70093
        EWS-UX/V(Rel4.2) R8.x           NECe80121
        EWS-UX/V(Rel4.2) R9.x           NECe90281, NECe90282(for 110N)
        EWS-UX/V(Rel4.2) R10.x          NECea0168
        EWS-UX/V(Rel4.2MP) R10.x        NECma0378
        UP-UX/V(Rel4.2MP) R5.x          NECu50078
        UP-UX/V(Rel4.2MP) R6.x          NECu60217
        UP-UX/V(Rel4.2MP) R7.x          NECu70541
        UX/4800 R11.x                   NECmb0668
        UX/4800 R12.x                   NECmc0054

    These patches are available from:

        ftp://ftp.meshnet.or.jp/pub/48pub/security

    Patches for platforms not listed are still in progress.  For these
    systems, it  is recommend  either unmounting  file systems mounted
    "nosuid"  or  applying  the  workaround  as  described below until
    patches are made available.

    To prevent  possible exploitation  of this  vulnerability, until a
    patch  is  made  available  for  your  platform, recommend are the
    following steps:

         1) Make a local copy of each remote file system mounted  with
            the "nosuid" option.

            # find <mountpoint> -depth -print | cpio -pdm <localcopy>

         2) Unmount  the remote  file system  and replace  it with the
            local copy.

            # umount <mountpoint>
            # mount <localdev> <mountpoint>

         3) Run  the find(1)  command below  to remove  all setuid and
            setgid  bits  on  files  in  the  local copy of the remote
            hierarchy.

            # find <mountpoint> -print -exec chmod ug-s {} \;


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH