Ubuntu.com/usn: Referenced CVEs:
CVE-2010-2961


Description:
===========================================================Ubuntu Security Notice USN-985-1 September 08, 2010mountall vulnerabilityCVE-2010-2961===========================================================A security issue affects the following Ubuntu releases:Ubuntu 10.04 LTSThis advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 10.04 LTS: mountall 2.15.2In general, a standard system update will make all the necessary changes.Details follow:Alasdair MacGregor discovered that mountall created a udev rule filewith world-writable permissions. A local attacker could exploit thisunder certain conditions to cause udev to execute arbitrary commands asthe root user.





More...