lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 02 May 2011 11:41:28 -0400
From: Marc Deslauriers <>
Subject: [USN-1127-1] usb-creator vulnerability

Ubuntu Security Notice USN-1127-1
May 02, 2011

usb-creator vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS


An attacker could use usb-creator to unmount arbitrary disks or perform
other unauthorized disk operations.

Software Description:
- usb-creator: create a startup disk using a CD or disc image (common files)


Evan Broder discovered that usb-creator did not properly enforce
restrictions when performing privileged disk operations. A local attacker
could use this flaw to perform certain disk operations, such as unmount
arbitrary mountpoints.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:

Ubuntu 10.10:

Ubuntu 10.04 LTS:

In general, a standard system update will make all the necessary changes.


Package Information:

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists