Mandriva: Subject: [Security Announce] [ MDVSA-2008:208-1 ] pam_mount |
|
| BugsAlert Home > Mandriva: Subject: [Security Announce] [ MDVSA-2008:208-1 ] pam_mount | |
|
LinuxSecurity.com: pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue. Update: The fix for CVE-2008-3970 uncovered crashes in the code handling the 'allow', 'deny', and 'require' options in pam_mount-0.33, released for Mandriva Linux 2008 Spring. Also, the verification of the allowed mount options ('allow' configuration directive) was inverted in pam_mount-0.33. This update fixes these issues. Original Source: http://www.linuxsecurity.com/content/view/143333?rdf Learn more about Mandriva: Subject: [Security Announce] [ MDVSA-2008:208-1 ] pam_mount |
|
|
Tags: mandriva subject security announce mdvsa-2008 208-1 pam mount |
|
Related Items |
|
|
CVE-2008-4315 (enterprise_linux, enterprise_linux_desktop)
|
|
|
F5 BIG-IP Application Security Manager "report_type" Cross Site Scripting
|
|
|
CVE-2008-3213 (webcms_portal_edition)
|
|
|
CVE-2008-5042 (photovideotube)
|
|
|
Gentoo Security Update Fixes unp Shell Command Injection Vulnerability
|
|
|
Bugtraq: Apple OS X Software Update Remote Command Execution
|
|
|
Bugtraq: Safari 2 Denial of Service
|
|
