Debian Bug report logs - #697464
CVE-2013-0157: mount/umount leak information about existence of folders

version graph

Package: mount; Maintainer for mount is LaMont Jones <lamont@debian.org>; Source for mount is src:util-linux.

Reported by: Jann Horn <jannhorn@googlemail.com>

Date: Sat, 5 Jan 2013 16:24:01 UTC

Severity: important

Tags: patch, security

Found in version util-linux/2.20.1-5.3

Fixed in version util-linux/2.20.1-5.5

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, jannhorn@googlemail.com, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>:
Bug#697464; Package mount. (Sat, 05 Jan 2013 16:24:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jann Horn <jannhorn@googlemail.com>:
New Bug report received and forwarded. Copy sent to jannhorn@googlemail.com, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, LaMont Jones <lamont@debian.org>. (Sat, 05 Jan 2013 16:24:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Jann Horn <jannhorn@googlemail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mount/umount leak information about existence of folders
Date: Sat, 05 Jan 2013 17:20:37 +0100
Package: mount
Version: 2.20.1-5.3
Severity: critical
Tags: security
Justification: root security hole

mount discloses information about folders not accessible for a user:

$ ls -ld /root/.ssh
ls: cannot access /root/.ssh: Permission denied
$ ls -ld /root/.foo
ls: cannot access /root/.foo: Permission denied

First variant:

$ mount --guess-fstype /root/.ssh/../../dev/sda1
ext4
$ mount --guess-fstype /root/.foo/../../dev/sda1
unknown

Second one:

$ mount /root/.ssh/../../dev/cdrom
mount: no medium found on /dev/sr0
$ mount /root/.foo/../../dev/cdrom
mount: can't find /root/.foo/../../dev/cdrom in /etc/fstab or /etc/mtab

These issues were, as far as I can see, fixed in the following upstream commits:
 - 0377ef91270d06592a0d4dd009c29e7b1ff9c9b8
 - 33c5fd0c5a774458470c86f9d318d8c48a9c9ccb
 - 5ebbc3865d1e53ef42e5f121c41faab23dd59075
 - cc8cc8f32c863f3ae6a8a88e97b47bcd6a21825f

However, the last two commits might have to be rewritten - I think that debian uses
mount-deprecated and those commits are for the new mount.

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6.7 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mount depends on:
ii  libblkid1    2.20.1-5.3
ii  libc6        2.13-37
ii  libmount1    2.20.1-5.3
ii  libselinux1  2.1.9-5
ii  libsepol1    2.1.4-3

mount recommends no packages.

Versions of packages mount suggests:
ii  nfs-common  1:1.2.6-3

-- no debconf information



Severity set to 'important' from 'critical' Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 05 Jan 2013 16:48:05 GMT) Full text and rfc822 format available.

Changed Bug title to 'CVE-2013-0157: mount/umount leak information about existence of folders' from 'mount/umount leak information about existence of folders' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 08 Apr 2013 07:39:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#697464; Package mount. (Wed, 03 Jul 2013 01:57:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Wed, 03 Jul 2013 01:57:04 GMT) Full text and rfc822 format available.

Message #14 received at 697464@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 697464@bugs.debian.org
Subject: Re: [Secure-testing-team] Bug#697464: mount/umount leak information about existence of folders
Date: Tue, 2 Jul 2013 21:52:17 -0400
[Message part 1 (text/plain, inline)]
control: tag -1 patch
control: tag -1 pending

Hi, I've uploaded an nmu fixing this issue to delayed/5.  Please see
attached patch, which was backported from the redhat security update:
https://rhn.redhat.com/errata/RHSA-2013-0517.html

Best wishes,
Mike
[util-linux.patch (application/octet-stream, attachment)]

Added tag(s) patch. Request was from Michael Gilbert <mgilbert@debian.org> to 697464-submit@bugs.debian.org. (Wed, 03 Jul 2013 01:57:05 GMT) Full text and rfc822 format available.

Added tag(s) pending. Request was from Michael Gilbert <mgilbert@debian.org> to 697464-submit@bugs.debian.org. (Wed, 03 Jul 2013 01:57:05 GMT) Full text and rfc822 format available.

Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Mon, 08 Jul 2013 03:09:16 GMT) Full text and rfc822 format available.

Notification sent to Jann Horn <jannhorn@googlemail.com>:
Bug acknowledged by developer. (Mon, 08 Jul 2013 03:09:16 GMT) Full text and rfc822 format available.

Message #23 received at 697464-close@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 697464-close@bugs.debian.org
Subject: Bug#697464: fixed in util-linux 2.20.1-5.5
Date: Mon, 08 Jul 2013 03:04:20 +0000
Source: util-linux
Source-Version: 2.20.1-5.5

We believe that the bug you reported is fixed in the latest version of
util-linux, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697464@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated util-linux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 03 Jul 2013 01:39:47 +0000
Source: util-linux
Binary: util-linux util-linux-locales mount bsdutils fdisk-udeb cfdisk-udeb libblkid1 libblkid1-udeb libblkid-dev libmount1 libmount1-udeb libmount-dev libuuid1 uuid-runtime libuuid1-udeb uuid-dev util-linux-udeb
Architecture: source all amd64
Version: 2.20.1-5.5
Distribution: unstable
Urgency: medium
Maintainer: LaMont Jones <lamont@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 bsdutils   - Basic utilities from 4.4BSD-Lite
 cfdisk-udeb - Manually partition a hard drive (cfdisk) (udeb)
 fdisk-udeb - Manually partition a hard drive (fdisk) (udeb)
 libblkid-dev - block device id library - headers and static libraries
 libblkid1  - block device id library
 libblkid1-udeb - block device id library (udeb)
 libmount-dev - block device id library - headers and static libraries
 libmount1  - block device id library
 libmount1-udeb - block device id library (udeb)
 libuuid1   - Universally Unique ID library
 libuuid1-udeb - stripped down universally unique id library, for debian-installer (udeb)
 mount      - Tools for mounting and manipulating filesystems
 util-linux - Miscellaneous system utilities
 util-linux-locales - Locales files for util-linux
 util-linux-udeb - Miscellaneous system utilities (udeb)
 uuid-dev   - universally unique id library - headers and static libraries
 uuid-runtime - runtime components for the Universally Unique ID library
Closes: 697464
Changes: 
 util-linux (2.20.1-5.5) unstable; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2013-0157: mount discloses information about the existence of
     folders (closes: #697464)
Checksums-Sha1: 
 6c76a3e576d1e3f2ed11346bf725ab09f150fc41 3606 util-linux_2.20.1-5.5.dsc
 c2dac65c5988c56614ab39eefd3c3ba96a9863c0 279916 util-linux_2.20.1-5.5.diff.gz
 4510a1782a4161e24111078781cd074b7b0b4395 1531980 util-linux-locales_2.20.1-5.5_all.deb
 102901f0de0e201d359b827dbee4dab6cb263ec4 663436 util-linux_2.20.1-5.5_amd64.deb
 4e64cd2200cf57d8c56ee241051c3b9d4a5f6e47 214272 mount_2.20.1-5.5_amd64.deb
 f108f8ce4e01b4a9b476a8917b68937f403d7b54 85498 bsdutils_2.20.1-5.5_amd64.deb
 36a92f6f0cbfb9f2e317a9dc504617fced477c34 64896 fdisk-udeb_2.20.1-5.5_amd64.udeb
 4a66787a022637a2d3becaf6a9ff3d48f1c39ae8 742538 cfdisk-udeb_2.20.1-5.5_amd64.udeb
 70736c609583754bd696e33c06d0dd58b8c8469b 119808 libblkid1_2.20.1-5.5_amd64.deb
 0852612d21defa7796bde937e07b6930f2180b31 61440 libblkid1-udeb_2.20.1-5.5_amd64.udeb
 ad1610295d03312c559f7a66dda42171bf5a6b84 152230 libblkid-dev_2.20.1-5.5_amd64.deb
 89fdb6b49cea49afddf1521ee3f1990fcfcf1d5e 119968 libmount1_2.20.1-5.5_amd64.deb
 03d7d1f680396bf8faefedd35846c218e69c9426 59406 libmount1-udeb_2.20.1-5.5_amd64.udeb
 ee32535cfcdf2c617326711454da62cb42b81b50 140566 libmount-dev_2.20.1-5.5_amd64.deb
 29f8fd72ce5f2ffac63bd75497bd1c2ad4cf37cc 57162 libuuid1_2.20.1-5.5_amd64.deb
 6f3f6a8e724bff89929215cf3511266edf92b80b 61990 uuid-runtime_2.20.1-5.5_amd64.deb
 76b0bf4562ab02a80309b7aba5eed43e54b4affd 7298 libuuid1-udeb_2.20.1-5.5_amd64.udeb
 db9046d97777165e370e41ffe232c05f32a53630 72736 uuid-dev_2.20.1-5.5_amd64.deb
 311e975915dc281dc7503379d646df60fb1a5b69 11926 util-linux-udeb_2.20.1-5.5_amd64.udeb
Checksums-Sha256: 
 8fb9a3ec49c2b5d8b9018efe7e67898f1bca36a79b3715346b2388e1c0a07b4b 3606 util-linux_2.20.1-5.5.dsc
 093af8c66d4ae44553443f58846cab966f7abfb39614a2f303b3b78a9f690dd8 279916 util-linux_2.20.1-5.5.diff.gz
 c270f33953086d1a11a32f04106bd9a71fc861ba28e2af5d7c0c04adab490d1a 1531980 util-linux-locales_2.20.1-5.5_all.deb
 b1f9dda6b633db6fea030f3a5112c028baac77e09ccfe117b71187562c9340b3 663436 util-linux_2.20.1-5.5_amd64.deb
 658b0a16d13c9cf2c0ee5ebbe7916b32e898859f90d6f66ee094bbdd093c4ecf 214272 mount_2.20.1-5.5_amd64.deb
 53c5077b926a32f2351a4399d808c9787b14fa9a2e44b48f63938ea104984a85 85498 bsdutils_2.20.1-5.5_amd64.deb
 a44860713c7c5c3c3424c96d9cce60cf791d89264496fd0080a40dcc09ea5e51 64896 fdisk-udeb_2.20.1-5.5_amd64.udeb
 428c0ef8f214f6a403ab9f50394c79e81654476f68fc18342587d2748c7d37df 742538 cfdisk-udeb_2.20.1-5.5_amd64.udeb
 4ba96d92eeee6a3b33cb15fc213143bd7773b1e635cc40ad576bc7b0b3108985 119808 libblkid1_2.20.1-5.5_amd64.deb
 0be2403cee7884f335e753ca46c6cdc4f4d6076afa75fa54dc719ff5eaa5cc4c 61440 libblkid1-udeb_2.20.1-5.5_amd64.udeb
 22a483e90af53403c842f7abca98302cda86225ebc12dfebebe67efe1111ee03 152230 libblkid-dev_2.20.1-5.5_amd64.deb
 99b462e70003d011a3166000195a68b03b68cae4c835f023f1a01fe8842ceb87 119968 libmount1_2.20.1-5.5_amd64.deb
 3d5e58da347c119c7344d8f1847c29860c26f56ed1a1c918e4fcddcc81729baa 59406 libmount1-udeb_2.20.1-5.5_amd64.udeb
 1edc5e39574d9469ca034b854e76f14d65c3d639c67fb68b8715da667cadef41 140566 libmount-dev_2.20.1-5.5_amd64.deb
 d9f5a4d98360c3fe969b85056be34a889f4a5326e4b8d398106db73c1bdd47c2 57162 libuuid1_2.20.1-5.5_amd64.deb
 15e5e7b7096fc20461ef043e54b03b1caf7eda21199a90bfe3bbcb5d180d97b5 61990 uuid-runtime_2.20.1-5.5_amd64.deb
 78d42856ba1f500a6c03183011dab17f58a9e7ab07f1c71dcebf363a5cf64db6 7298 libuuid1-udeb_2.20.1-5.5_amd64.udeb
 767ad9eb89ea8d0a2493820e36a5c4284c2742296a14584d9199d3a30315d863 72736 uuid-dev_2.20.1-5.5_amd64.deb
 82412196d5070ea0a46fe978c1b73f9ca4064f02b420629f505b6a0428430500 11926 util-linux-udeb_2.20.1-5.5_amd64.udeb
Files: 
 5b3e5be11f835c886ed47aa5dd406767 3606 base required util-linux_2.20.1-5.5.dsc
 93c9004ca2f565ca3d06238612770cdd 279916 base required util-linux_2.20.1-5.5.diff.gz
 6564157a0c049ffb30c7b7a002aacb99 1531980 utils optional util-linux-locales_2.20.1-5.5_all.deb
 b319f3ca38aab6414f893dcf51eb12aa 663436 utils required util-linux_2.20.1-5.5_amd64.deb
 b212abb2b1d553f6b9520312cc6fd24e 214272 admin required mount_2.20.1-5.5_amd64.deb
 5cd5be50d837c0eb2fdd79c89e2efefe 85498 utils required bsdutils_2.20.1-5.5_amd64.deb
 6f50ba1898854923ec70febd4cacf2dd 64896 debian-installer extra fdisk-udeb_2.20.1-5.5_amd64.udeb
 31c0902cf2aefc76a59211d0b0fbb2b7 742538 debian-installer extra cfdisk-udeb_2.20.1-5.5_amd64.udeb
 c72b6107ab0658d6d6a26cc493e66957 119808 libs required libblkid1_2.20.1-5.5_amd64.deb
 768659fb8b4fb7b5b6cdf06a5dd078bf 61440 debian-installer optional libblkid1-udeb_2.20.1-5.5_amd64.udeb
 b2fe6a247c2627a19caa700d6023aa3f 152230 libdevel extra libblkid-dev_2.20.1-5.5_amd64.deb
 38ac46eb981d032ede474b0e450180d6 119968 libs required libmount1_2.20.1-5.5_amd64.deb
 d83c4458117d8220f52c05a54aa767b9 59406 debian-installer optional libmount1-udeb_2.20.1-5.5_amd64.udeb
 93ac04081c179626ecd41b023eaeaeba 140566 libdevel extra libmount-dev_2.20.1-5.5_amd64.deb
 b7f0ab35e9412b58a2e8e86e1188213d 57162 libs required libuuid1_2.20.1-5.5_amd64.deb
 dbbb0da5f7045b635b52b12637920715 61990 libs optional uuid-runtime_2.20.1-5.5_amd64.deb
 5246f5e46a2bf754e895960df89d9208 7298 debian-installer optional libuuid1-udeb_2.20.1-5.5_amd64.udeb
 41a67bc6a0c65a3db6f691b6392ca315 72736 libdevel extra uuid-dev_2.20.1-5.5_amd64.deb
 8f039669fad943b608d70b8877959a10 11926 debian-installer optional util-linux-udeb_2.20.1-5.5_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJR04NjAAoJELjWss0C1vRzkcUf/3IQlx0hilJcEn9+c56uBGev
hOFwv94WDiQfn+uLKKZNECG+CuYQXxEUFRcOWy54OopYW189oitQI4vY5qSLBH5h
rPKqlxy7rTXs94zpg19qzoD+Vw2wNXzYRfd1rTz8w5LzrCCPA8CVIab7NIckIDXd
yPcbIJRa/JXYbNyuWvmmtTK2D13MUIku27ba+UUt5gj5PeT3nfx6bolmIUulxKar
2BItWthO+/qSXiMVYL9qBtZHTXFZDnyCPHnyLC+d0gVr1GfD4w9jOT/GcsOVNmJL
FxLFHO2qZoPe7exhGfNLb29B/SOuA7DqNPDcHYoQtIHTfgiXQ48opVVSnSv026wF
kwuagV9eYhuwWunnss72CsR/GX3hU+B0/ZvkAYvGg9uelNlfpm2pIeV27dahyI2n
2Sa1jOjvmQuwu8CYWRDP1FsT0tplLrI9oZVa1ywQGBNPuH/N55y4q+cL5UfjrVzS
XhUoIWWjojYbmLGTeBbbgWNbbRxjZ1xs0MS60apDy34gKzrQTJh82hEQ3zRc4H5+
IDC/YAgDLTCC8yywxHaWxSaiU6UtbHfWGNYXCmTf4edjDTW1uBfG2/ZRu+JyEQ7p
rDh8BZ7MqQ/22SA5u9OGTg9ktk34T0pygT2RSvizJkTblF7cnca86RZg54M/E/AN
Bw1gSvQPQBRUpb52zrvbKbjr2qbdpC5znOdTbCES0QN0JYFCIKl+NrLcULedfIEL
gfWJxwiRoZSxqxj3ME9BTPhS0MImPvpxtbR1DnEVMIRDrdNJnUtM+IEwoEI1lDs3
JcDxWy23itNGD2BK9Xwhj77wmrOHWI/wac/ZvaviEMtppxK8dymKOAlrrT2oRvsV
rvcYeMqtgKaK0zAcnkmHZNqf625xMuFcBSLdWHa6X7CBrn+tA1J4LCa174gUAPpB
i+yzX6P1KLjA7fyQBy4gnohC6cEex0OQQGXD90bGYhGlvQqOykGl7kXog1SW/MR5
KCTS/VKWMb0goLl98x19ypOgmSKqU+NgUDM/GlQrF+WHAUiIA4UhZDmOzw6YXG/i
n9ICSV1EgFsfuTAZDOf8HNChtA+o7Nlc7LWAS9yh7wJlSauWsuPsfL8BoT/SJgcZ
0R2t5az6tnFcfcpIy5dldxdEFESJB6AfTE6Y9ChrK7m+UBdwyf5EezdkWrM66QYn
CiSbB9d3WYkPdUHsWQhqK1FchbGBKfk7zQQ5F2KKVx2o7xJfTCI6s5jQTYH3KRph
gd38ZI7kUxdD2Y7Nk9+esHeBnRI0iVY0MAAi9/A2+GDqACOnCvZEJvDETzhkdZxR
62Taaf3SghrURbFg70BKB2qOQGA0/JgqtAlA2CFHRrC70GBczIvPBvTmID6uxrE=
=sbnm
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#697464; Package mount. (Mon, 08 Jul 2013 11:45:15 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. (Mon, 08 Jul 2013 11:45:15 GMT) Full text and rfc822 format available.

Message #28 received at 697464@bugs.debian.org (full text, mbox):

From: Jonathan Wiltshire <jmw@debian.org>
To: 697464@bugs.debian.org
Subject: Re: CVE-2013-0157: mount/umount leak information about existence of folders
Date: Mon, 08 Jul 2013 11:15:03 -0000
Package: mount

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.8) - use target "oldstable"

Please prepare a minimal-changes upload targetting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/697464/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Aug 2013 07:33:01 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 04:08:10 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.