Paketname
pam_mount
Datum
2008-10-18
Advisory ID
MDVSA-2008:208-1
Betroffene Versionen
2008.1 x86_64 , 2008.1 i586

Problembeschreibung

pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify
mountpoint and source ownership before mounting a user-defined volume,
which allows local users to bypass intended access restrictions via
a local mount.

The updated packages have been patched to fix the issue.

Update:

The fix for CVE-2008-3970 uncovered crashes in the code handling the
'allow', 'deny', and 'require' options in pam_mount-0.33, released
for Mandriva Linux 2008 Spring. Also, the verification of the allowed
mount options ('allow' configuration directive) was inverted in
pam_mount-0.33.

This update fixes these issues.

Aktualisierte Pakete

2008.1 x86_64

 987c215769eea4ecbc860b7eec68cca4  2008.1/x86_64/pam_mount-0.33-2.3mdv2008.1.x86_64.rpm 
 afc9d31b5a180beaddf715b64e70ce22  2008.1/SRPMS/pam_mount-0.33-2.3mdv2008.1.src.rpm

2008.1 i586

 f57f019d59c0bf8a326b6f1259d46b82  2008.1/i586/pam_mount-0.33-2.3mdv2008.1.i586.rpm 
 afc9d31b5a180beaddf715b64e70ce22  2008.1/SRPMS/pam_mount-0.33-2.3mdv2008.1.src.rpm

Referenzen