Support / Security / Advisories / Mandriva Linux 2009.0 / MDVSA-2009:004

Package name: pam_mount
Date: 2009-01-09
Advisory ID: MDVSA-2009:004
Affected versions: 2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586

Problem description

passwdehd script in pam_mount would allow local users to overwrite
arbitrary files via a symlink attack on a temporary file.

The updated packages have been patched to prevent this.

Updated packages

2009.0 x86_64

 0be0da9f4ed2c14548372a468f125d2f  2009.0/x86_64/pam_mount-0.48-1.2mdv2009.0.x86_64.rpm 
 042e57a4312295e0386f5dd701801015  2009.0/SRPMS/pam_mount-0.48-1.2mdv2009.0.src.rpm

2008.0 i586

 d550c87096d1aa30ba502066de99ee7e  2008.0/i586/pam_mount-0.17-1.3mdv2008.0.i586.rpm
 68494b5087e4db72d5220bf88dd50ef8  2008.0/i586/pam_mount-devel-0.17-1.3mdv2008.0.i586.rpm 
 1b8fc3341d368f35b2c4c68a40fa931a  2008.0/SRPMS/pam_mount-0.17-1.3mdv2008.0.src.rpm

2009.0 i586

 bc4fe7e82c04906e8b55c6f4ae605a7d  2009.0/i586/pam_mount-0.48-1.2mdv2009.0.i586.rpm 
 042e57a4312295e0386f5dd701801015  2009.0/SRPMS/pam_mount-0.48-1.2mdv2009.0.src.rpm

CS4.0 i586

 441b6914509f1c825b4718d4a7519994  corporate/4.0/i586/pam_mount-0.10.0-5.3.20060mlcs4.i586.rpm
 a20956acc5fc8f58f57fc02edc55a103  corporate/4.0/i586/pam_mount-devel-0.10.0-5.3.20060mlcs4.i586.rpm 
 39f22f9fd569aea4a5066f7fb89e4014  corporate/4.0/SRPMS/pam_mount-0.10.0-5.3.20060mlcs4.src.rpm

2008.0 x86_64

 d2932e71d030d7d1c9ac28f89230b4dd  2008.0/x86_64/pam_mount-0.17-1.3mdv2008.0.x86_64.rpm
 3f6b089d0de2e4ed4a1079bc96606d2b  2008.0/x86_64/pam_mount-devel-0.17-1.3mdv2008.0.x86_64.rpm 
 1b8fc3341d368f35b2c4c68a40fa931a  2008.0/SRPMS/pam_mount-0.17-1.3mdv2008.0.src.rpm

CS4.0 x86_64

 8570403f2404c0b00762b8143ddc2a19  corporate/4.0/x86_64/pam_mount-0.10.0-5.3.20060mlcs4.x86_64.rpm
 cb96ac8a4f097c23e1cc3bb8be01bc74  corporate/4.0/x86_64/pam_mount-devel-0.10.0-5.3.20060mlcs4.x86_64.rpm 
 39f22f9fd569aea4a5066f7fb89e4014  corporate/4.0/SRPMS/pam_mount-0.10.0-5.3.20060mlcs4.src.rpm

2008.1 x86_64

 b55f9915b16de205ce876f1f522ee422  2008.1/x86_64/pam_mount-0.33-2.5mdv2008.1.x86_64.rpm 
 b448a0849a4b0a9ba81452321da671dd  2008.1/SRPMS/pam_mount-0.33-2.5mdv2008.1.src.rpm

2008.1 i586

 2d6291e9ae03d1af8373e76396ab77b2  2008.1/i586/pam_mount-0.33-2.5mdv2008.1.i586.rpm 
 b448a0849a4b0a9ba81452321da671dd  2008.1/SRPMS/pam_mount-0.33-2.5mdv2008.1.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5138