MDVSA-2008:208-1 -- Mandriva pam_mount
ID: oval:org.secpod.oval:def:301594 | Date: (C)2012-01-07 (M)2023-11-13 | Class: PATCH | Family: unix
pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue.

Update: The fix for CVE-2008-3970 uncovered crashes in the code handling the "allow", "deny", and "require" options in pam_mount-0.33, released for Mandriva Linux 2008 Spring. Also, the verification of the allowed mount options was inverted in pam_mount-0.33. This update fixes these issues.
Platform: Mandriva Linux 2008.1