PT-2010-1011 · Debian · Pmount

Dan Rosenberg · Published 2010-06-18 · Updated 2010-06-22 · CVE-2010-2192

CVSS v2.0: 1.9 (Low)
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions
pmount version 0.9.18

Description
The issue concerns multiple vulnerabilities in the pmount package of the Debian GNU/Linux operating system, which can lead to a breach of the integrity of protected information. Specifically, the make_lockdir_name function in policy.c is vulnerable to a symlink attack, allowing local users to overwrite arbitrary files by exploiting a file in /var/lock/.

Recommendations
For pmount version 0.9.18, consider restricting access to the make_lockdir_name function in policy.c to prevent arbitrary file overwrites until a patch is available. Additionally, monitor and limit user activity in the /var/lock/ directory to minimize the risk of exploitation.
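
Added example (not pmount's code and not taken from this advisory): one way to create a lock file so that a link already sitting at its path in a shared directory such as /var/lock/ is refused rather than followed. The helper names and the temporary directory standing in for /var/lock/ are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not pmount code). O_EXCL fails if anything, a symlink
 * included, already exists at path; O_NOFOLLOW refuses a symlink as the last
 * path component. Returns an fd, or -1 with errno set. */
int create_lock_nofollow(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    struct stat st;
    /* Check the object actually opened: regular file, single link, ours. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check in a private temp directory standing in for
 * /var/lock/. Returns 1 if the lock was created, 0 if creation was refused
 * and the link target kept its content, -1 on setup failure or a changed target. */
int lock_demo(int plant_symlink)
{
    char dir[] = "/tmp/lockdemo.XXXXXX", target[64], lock[64], buf[5] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lock, sizeof lock, "%s/lockfile", dir);
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep", f); fclose(f);
    if (plant_symlink && symlink(target, lock) != 0) return -1;
    int fd = create_lock_nofollow(lock);   /* refused when a link is present */
    if (fd >= 0) close(fd);
    f = fopen(target, "r");
    if (f) { if (fread(buf, 1, 4, f) != 4) buf[0] = '\0'; fclose(f); }
    unlink(lock); unlink(target); rmdir(dir);
    if (strcmp(buf, "keep") != 0) return -1;
    return fd >= 0 ? 1 : 0;
}

int main(void) { return !(lock_demo(1) == 0 && lock_demo(0) == 1); }
```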

Fix

Link Following

Weakness Enumeration

Related Identifiers

BDU:2015-01748
CVE-2010-2192
DSA-2063-1

Affected Products

Pmount