Date: Sat, 6 Sep 2008 13:23:20 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Cc: coley@...re.org Subject: CVE request: pam_mount < 0.47 missing security checks Citing release notes mail: About the security issue ======================== During code refactoring approximately 3 years ago, are affected), some sanity/security checks for user-defined volumes were, probably accidentally, removed. This allowed users to mount arbitrary sources onto arbitrary directories; normally, they can only do so when they own the mountpoint, and own the source, or the source is a non-local mount. Versions 0.10 through 0.45 are affected. The correct behavior enforcing these restrictions has been restored in 0.47. By default, user-defined configuration files are disabled in pam_mount.conf.xml anyway, and it is believed that luserconf-enabled systems are not numerous, so this is only a minor issue. It is advised to upgrade the affected systems, or as a workaround, disable user-defined volumes by commenting out the <luserconf ...> configuration item. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno@...eck.de [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ