Ubuntu Hit By A Vulnerability In "Eject"

Written by Michael Larabel in Ubuntu on 28 March 2017 at 08:36 AM EDT. 24 Comments
UBUNTU
Ubuntu 12.04/14.04/16.04/16.10 is affected by a new medium priority CVE this morning that could allow a local attacker to execute code as root.

Ubuntu and Ubuntu-based operating systems are affected by this vulnerability due to a patch they carry for their eject package. Yes, the command for ejecting removable media like CD-ROMs.

The eject vulnerability is described as, "Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator."

Updated packages of eject are available for supported Ubuntu releases.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week