CVE-2005-2876

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.

*Credits: N/A

CVSS Scores

NISTv2 7.2

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2005-09-13 CVE Reserved
2005-09-13 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (22)

URL	Tag	Source
http://marc.info/?l=bugtraq&m=112656096125857&w=2	Mailing List
http://secunia.com/advisories/16785	Third Party Advisory
http://secunia.com/advisories/16988	Third Party Advisory
http://secunia.com/advisories/17004	Third Party Advisory
http://secunia.com/advisories/17027	Third Party Advisory
http://secunia.com/advisories/17133	Third Party Advisory
http://secunia.com/advisories/17154	Third Party Advisory
http://secunia.com/advisories/18502	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm	X_refsource_misc
http://www.osvdb.org/19369	Vdb Entry
http://www.securityfocus.com/bid/14816	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/22241	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://marc.info/?l=bugtraq&m=112690609622266&w=2	2018-10-19
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1	2018-10-19
http://www.debian.org/security/2005/dsa-823	2018-10-19
http://www.debian.org/security/2005/dsa-825	2018-10-19
http://www.novell.com/linux/security/advisories/2005_21_sr.html	2018-10-19
http://www.securityfocus.com/archive/1/419774/100/0/threaded	2018-10-19
http://www.ubuntu.com/usn/usn-184-1	2018-10-19
https://access.redhat.com/security/cve/CVE-2005-2876	2005-10-11
https://bugzilla.redhat.com/show_bug.cgi?id=1617764	2005-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.8.1_alpha Search vendor "Andries Brouwer" for product "Util-linux" and version "2.8.1_alpha"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.8_12 Search vendor "Andries Brouwer" for product "Util-linux" and version "2.8_12"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.9i Search vendor "Andries Brouwer" for product "Util-linux" and version "2.9i"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.9w Search vendor "Andries Brouwer" for product "Util-linux" and version "2.9w"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.10f Search vendor "Andries Brouwer" for product "Util-linux" and version "2.10f"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.10m Search vendor "Andries Brouwer" for product "Util-linux" and version "2.10m"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.10p Search vendor "Andries Brouwer" for product "Util-linux" and version "2.10p"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.11f Search vendor "Andries Brouwer" for product "Util-linux" and version "2.11f"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.11n Search vendor "Andries Brouwer" for product "Util-linux" and version "2.11n"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.11q Search vendor "Andries Brouwer" for product "Util-linux" and version "2.11q"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.11r Search vendor "Andries Brouwer" for product "Util-linux" and version "2.11r"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.11w Search vendor "Andries Brouwer" for product "Util-linux" and version "2.11w"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.11x Search vendor "Andries Brouwer" for product "Util-linux" and version "2.11x"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.11y Search vendor "Andries Brouwer" for product "Util-linux" and version "2.11y"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.11z Search vendor "Andries Brouwer" for product "Util-linux" and version "2.11z"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.12a Search vendor "Andries Brouwer" for product "Util-linux" and version "2.12a"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.12b Search vendor "Andries Brouwer" for product "Util-linux" and version "2.12b"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.12i Search vendor "Andries Brouwer" for product "Util-linux" and version "2.12i"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.12j Search vendor "Andries Brouwer" for product "Util-linux" and version "2.12j"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.12k Search vendor "Andries Brouwer" for product "Util-linux" and version "2.12k"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.12o Search vendor "Andries Brouwer" for product "Util-linux" and version "2.12o"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.12p Search vendor "Andries Brouwer" for product "Util-linux" and version "2.12p"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.12q Search vendor "Andries Brouwer" for product "Util-linux" and version "2.12q"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.13_pre1 Search vendor "Andries Brouwer" for product "Util-linux" and version "2.13_pre1"		-		Affected
Andries Brouwer Search vendor "Andries Brouwer"		Util-linux Search vendor "Andries Brouwer" for product "Util-linux"				2.13_pre2 Search vendor "Andries Brouwer" for product "Util-linux" and version "2.13_pre2"		-		Affected