Bug 461464 (CVE-2008-3970)

Summary: CVE-2008-3970 pam_mount: missing luserconf security checks
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jlieskov, opensource
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-01 18:20:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hoger 2008-09-08 09:50:26 UTC 
pam_mount upstream released new version 0.47 that re-adds luserconf option security checks, that got dropped during the code rewrite in version 0.10.  This allowed users to mount arbitrary sources onto arbitrary directories; normally, they can only do so when they own the mountpoint, and own the source, or the source is a non-local mount.

References:
https://sourceforge.net/project/shownotes.php?release_id=624240
http://sourceforge.net/forum/forum.php?forum_id=863797
http://www.openwall.com/lists/oss-security/2008/09/06/1
http://www.openwall.com/lists/oss-security/2008/09/06/3

Upstream patch:
http://dev.medozas.de/gitweb.cgi?p=pam_mount;a=commitdiff;h=33b91d7659ae3aa78b1e94fd3f8e545ae5ff25db
Comment 1 Tomas Hoger 2008-09-09 11:19:00 UTC 
Announcement mails sent to pam-mount-user list:
http://sourceforge.net/mailarchive/message.php?msg_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.qr
Comment 2 Fedora Update System 2008-09-11 17:16:28 UTC 
libHX-1.23-1.fc8, pam_mount-0.47-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2008-09-11 17:16:57 UTC 
libHX-1.23-1.fc9, pam_mount-0.47-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Red Hat Product Security 2008-10-01 18:20:50 UTC 
This issue was addressed in:

Fedora:
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7973
  https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7976