Red Hat Bugzilla – Bug 461464
CVE-2008-3970 pam_mount: missing luserconf security checks
Last modified: 2008-10-01 14:20:50 EDT
pam_mount upstream released a new version, 0.47, that re-adds the luserconf option security checks that got dropped during the code rewrite in version 0.10. This allowed users to mount arbitrary sources onto arbitrary directories; normally, they can only do so when they own the mountpoint, and own the source, or the source is a non-local mount.
Announcement mails sent to pam-mount-user list:
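Added example, not pam_mount's code and not part of the original report: a minimal C sketch of the ownership rule stated in the description above (the user must own the mountpoint, and must either own the source or the source must be non-local). The function names and the list of filesystem types treated as non-local are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: fstypes counted as "non-local" sources; this list is illustrative. */
static const char *const nonlocal_fstypes[] = { "cifs", "smbfs", "nfs", "ncpfs", NULL };

static bool fstype_is_nonlocal(const char *fstype)
{
	for (size_t i = 0; nonlocal_fstypes[i] != NULL; ++i)
		if (strcmp(fstype, nonlocal_fstypes[i]) == 0)
			return true;
	return false;
}

/* True only if path exists and is owned by uid. stat() follows symlinks, so the
 * owner checked is that of the object the path resolves to, not of a link. */
static bool owned_by(const char *path, uid_t uid)
{
	struct stat sb;
	if (stat(path, &sb) != 0)
		return false; /* fail closed: unreadable or missing path is denied */
	return sb.st_uid == uid;
}

/* Policy from the report: mountpoint owned by the user AND
 * (source owned by the user OR source is non-local). */
bool user_volume_allowed(uid_t uid, const char *fstype,
                         const char *source, const char *mountpoint)
{
	if (!owned_by(mountpoint, uid))
		return false;
	return fstype_is_nonlocal(fstype) || owned_by(source, uid);
}

int main(int argc, char **argv)
{
	if (argc != 4) {
		fprintf(stderr, "usage: %s FSTYPE SOURCE MOUNTPOINT\n", argv[0]);
		return 2;
	}
	bool ok = user_volume_allowed(getuid(), argv[1], argv[2], argv[3]);
	puts(ok ? "allowed" : "denied");
	return ok ? 0 : 1;
}
```

The check and the later mount are separate steps, so a real implementation also has to make sure the paths cannot be swapped in between.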
libHX-1.23-1.fc8, pam_mount-0.47-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
libHX-1.23-1.fc9, pam_mount-0.47-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: