Ubuntu Hit By A Vulnerability In "Eject"
Ubuntu 12.04/14.04/16.04/16.10 is affected by a new medium priority CVE this morning that could allow a local attacker to execute code as root.
Ubuntu and Ubuntu-based operating systems are affected by this vulnerability due to a patch they carry for their eject package. Yes, the command for ejecting removable media like CD-ROMs.
The eject vulnerability is described as, "Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator."
Updated packages of eject are available for supported Ubuntu releases.
Ubuntu and Ubuntu-based operating systems are affected by this vulnerability due to a patch they carry for their eject package. Yes, the command for ejecting removable media like CD-ROMs.
The eject vulnerability is described as, "Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator."
Updated packages of eject are available for supported Ubuntu releases.
24 Comments