CVE-2007-0822

Name of the Vulnerable Software and Affected Versions: umount versions prior to the fixed version

Description: The issue allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed. This might allow users to obtain sensitive information, including core file contents.

Recommendations: For versions prior to the fixed version, consider applying configuration changes to prevent invocation of umount with a pathname for a removed USB pen drive as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.