what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-208

Mandriva Linux Security Advisory 2008-208
Posted Sep 30, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2008-3970
SHA-256 | 88f64007e07ce27c4073d0a45eea45c638c255edb6baf467f57563d6b69711da

Mandriva Linux Security Advisory 2008-208

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:208
https://www.mandriva.com/security/
_______________________________________________________________________

Package : pam_mount
Date : September 29, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify
mountpoint and source ownership before mounting a user-defined volume,
which allows local users to bypass intended access restrictions via
a local mount.

The updated packages have been patched to fix the issue.
_______________________________________________________________________

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3970
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.1:
dabe7e010c95879959959e4804ae83cb 2007.1/i586/pam_mount-0.17-1.1mdv2007.1.i586.rpm
b237206c3e85a63b0e733a7db02fcba1 2007.1/i586/pam_mount-devel-0.17-1.1mdv2007.1.i586.rpm
c81ceb5ccab44675322db02cdc5cc972 2007.1/SRPMS/pam_mount-0.17-1.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
db7d0a5b43608ce1741bfbcb75dccc88 2007.1/x86_64/pam_mount-0.17-1.1mdv2007.1.x86_64.rpm
c18edd6508f15bb3bdf041baa8021df8 2007.1/x86_64/pam_mount-devel-0.17-1.1mdv2007.1.x86_64.rpm
c81ceb5ccab44675322db02cdc5cc972 2007.1/SRPMS/pam_mount-0.17-1.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
14582d4c7f686e67632d9603b33a16f6 2008.0/i586/pam_mount-0.17-1.1mdv2008.0.i586.rpm
e909ab0be3d5e979500ce026c6d47217 2008.0/i586/pam_mount-devel-0.17-1.1mdv2008.0.i586.rpm
96406b251d1096347fbd9d699d158e53 2008.0/SRPMS/pam_mount-0.17-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
7e30f80f0b113a9c0f9089452eba9e66 2008.0/x86_64/pam_mount-0.17-1.1mdv2008.0.x86_64.rpm
b0e1455f76a67b2def22fb84b3c835df 2008.0/x86_64/pam_mount-devel-0.17-1.1mdv2008.0.x86_64.rpm
96406b251d1096347fbd9d699d158e53 2008.0/SRPMS/pam_mount-0.17-1.1mdv2008.0.src.rpm

Mandriva Linux 2008.1:
0f3271419c28fadaa6420438d7f434ac 2008.1/i586/pam_mount-0.33-2.1mdv2008.1.i586.rpm
eec908414e3a3b50141821b4628c91e5 2008.1/SRPMS/pam_mount-0.33-2.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
3235bba384d4a2692b557b6a14ae1779 2008.1/x86_64/pam_mount-0.33-2.1mdv2008.1.x86_64.rpm
eec908414e3a3b50141821b4628c91e5 2008.1/SRPMS/pam_mount-0.33-2.1mdv2008.1.src.rpm

Corporate 4.0:
19f2eb0aacfc918f263797734665bd33 corporate/4.0/i586/pam_mount-0.10.0-5.1.20060mlcs4.i586.rpm
74d983393ad8d8f288df52b682e5423d corporate/4.0/i586/pam_mount-devel-0.10.0-5.1.20060mlcs4.i586.rpm
55b755782e2b61a013e60d397f1cfbbd corporate/4.0/SRPMS/pam_mount-0.10.0-5.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
5e1cd73d9ab0d15e95333e0aac62c6ed corporate/4.0/x86_64/pam_mount-0.10.0-5.1.20060mlcs4.x86_64.rpm
1a4fef46e82af0950bc034fceec01285 corporate/4.0/x86_64/pam_mount-devel-0.10.0-5.1.20060mlcs4.x86_64.rpm
55b755782e2b61a013e60d397f1cfbbd corporate/4.0/SRPMS/pam_mount-0.10.0-5.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

https://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI4WslmqjQ0CJFipgRAq38AJ4jpfUyilElpY6Aa4LI9GG+z+xNaQCg7N0y
7BYibBFP7vLxAmXsoT3KJM8=
=6PJX
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close