Date: Sat, 6 Sep 2008 13:23:20 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Cc: coley@...re.org
Subject: CVE request: pam_mount < 0.47 missing security checks
Citing release notes mail:
About the security issue
========================
During code refactoring approximately 3 years ago (versions 0.10 through 0.45 are affected), some
sanity/security checks for user-defined volumes were, probably
accidentally, removed. This allowed users to mount arbitrary sources
onto arbitrary directories; normally, they can only do so when they own
the mountpoint, and own the source, or the source is a non-local mount.
Versions 0.10 through 0.45 are affected. The correct behavior enforcing
these restrictions has been restored in 0.47. By default, user-defined
configuration files are disabled in pam_mount.conf.xml anyway, and it is
believed that luserconf-enabled systems are not numerous, so this is
only a minor issue. It is advised to upgrade the affected systems, or as
a workaround, disable user-defined volumes by commenting out the
<luserconf ...> configuration item.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: hanno@...eck.de
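The restriction the release notes describe (a user may mount a user-defined volume only if they own the mountpoint, and either own the source or the source is non-local) is shown here as an added, stand-alone policy check; it is not pam_mount's own code, and the set of filesystem types treated as non-local is an assumption for the example.

```python
import os
from dataclasses import dataclass

# Assumed set of network filesystem types treated as "non-local" sources.
NONLOCAL_FSTYPES = {"nfs", "nfs4", "cifs", "smbfs", "davfs", "sshfs", "fuse.sshfs"}


@dataclass
class UserVolume:
    user: int        # uid of the user whose luserconf defines the volume
    fstype: str
    source: str
    mountpoint: str


def is_nonlocal_source(fstype, source):
    # "host:/export" and "//server/share" name remote sources; local paths and
    # block devices do not, so ownership of the source must then be checked.
    return fstype in NONLOCAL_FSTYPES or ":" in source or source.startswith("//")


def check_user_volume(vol, owner_of):
    """Return (allowed, reason). owner_of(path) -> uid or None if missing.

    The ownership lookup is injected so the policy can be exercised on
    constructed data; in a real service it would be stat_owner below,
    evaluated immediately before the mount to narrow the race window."""
    mp_owner = owner_of(vol.mountpoint)
    if mp_owner is None:
        return False, "mountpoint does not exist"
    if mp_owner != vol.user:
        return False, "user does not own mountpoint"
    if is_nonlocal_source(vol.fstype, vol.source):
        return True, "non-local source: mountpoint ownership suffices"
    src_owner = owner_of(vol.source)
    if src_owner is None:
        return False, "source does not exist"
    if src_owner != vol.user:
        return False, "user does not own local source"
    return True, "ok"


def stat_owner(path):
    """Real lookup: uid of the final path target, None if it cannot be stat'ed."""
    try:
        return os.stat(path).st_uid
    except OSError:
        return None
```

Without the source-ownership branch (the check that went missing in 0.10 through 0.45), a user owning only the mountpoint could bind any local path they like onto it.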