CVE-2008-3970

Published: Sep 10, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[pam-mount-user] 20080905 pam_mount 0.47 released

mailing-list

x_refsource_MLIST

[oss-security] 20080906 CVE request: pam_mount < 0.47 missing security checks

mailing-list

x_refsource_MLIST

pammount-luserconf-privilege-escalation(44960)

vdb-entry

x_refsource_XF

MDVSA-2008:208

vendor-advisory

x_refsource_MANDRIVA

http://sourceforge.net/project/shownotes.php?release_id=624240

x_refsource_CONFIRM

[oss-security] 20080909 Re: CVE request: pam_mount < 0.47 missing security checks

mailing-list

x_refsource_MLIST

31041

vdb-entry

x_refsource_BID

http://dev.medozas.de/gitweb.cgi?p=pam_mount%3Ba=commitdiff%3Bh=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db

x_refsource_CONFIRM

SUSE-SR:2008:019

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-3970

Description

Affected Products

References