Summary
The remote host is missing an update to loop-aes-utils announced via advisory DSA 825-1.
David Watson discoverd a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.
The old stable distribution (woody) does not contain loop-aes-utils packages.
Solution
For the stable distribution (sarge) this problem has been fixed in version 2.12p-4sarge1.
For the unstable distribution (sid) this problem has been fixed in version 2.12p-9.
We recommend that you upgrade your loop-aes-utils package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20825-1
Severity
Classification
-
CVE CVE-2005-2876 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities