PT-2010-1011 · Debian · Pmount
Dan Rosenberg · Published 2010-06-18 · Updated 2010-06-22 · CVE-2010-2192
CVSS v2.0: 1.9 (Low)
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
pmount version 0.9.18
Description
The issue concerns multiple vulnerabilities in the pmount package of the Debian GNU/Linux operating system, which can lead to a breach of protected information integrity. Specifically, the make_lockdir_name function in policy.c is vulnerable to a symlink attack, allowing local users to overwrite arbitrary files by exploiting a file in /var/lock/.
Recommendations
For pmount version 0.9.18, consider restricting access to the make_lockdir_name function in policy.c to prevent arbitrary file overwrites until a patch is available. Additionally, monitor and limit user activity in the /var/lock/ directory to minimize the risk of exploitation.
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Pmount
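The Description's weakness class (a lock file created in a shared directory such as /var/lock/ through a pre-planted symlink) is illustrated below as an added example; it is not pmount's code or its patch. The function names, the temp directory standing in for /var/lock/, and the lock file name are all hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: open() follows a symlink planted at `path`, and
 * O_TRUNC then empties whatever file the link points to. */
static int lock_create_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: O_EXCL makes creation fail if anything already exists
 * at `path` (a symlink included), O_NOFOLLOW refuses a final-component
 * symlink, and nothing is truncated. Returns -1 on refusal. */
static int lock_create_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private temp dir standing in for /var/lock/:
 * a 5-byte "victim" file and a pre-planted symlink at the lock path.
 * Returns the victim's size after the lock attempt, or -1 on setup error. */
long victim_size_after_lock(int use_safe) {
    char dir[] = "/tmp/lockdemo.XXXXXX", victim[64], lock[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lock, sizeof lock, "%s/dev_sdb1.lock", dir); /* constructed name */
    int v = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (v < 0 || write(v, "data\n", 5) != 5 || close(v) != 0) return -1;
    if (symlink(victim, lock) != 0) return -1;

    int fd = use_safe ? lock_create_safe(lock) : lock_create_unsafe(lock);
    if (fd >= 0) close(fd);

    long size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(lock); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe: victim is %ld bytes\n", victim_size_after_lock(0));
    printf("safe:   victim is %ld bytes\n", victim_size_after_lock(1));
    return 0;
}
```

A privileged helper that gets -1 from the hardened call should treat the existing entry as untrusted and abort rather than remove and retry.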