Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2008-3970HistorySep 11, 2008 - 1:13 a.m.
CVE-2008-3970
2008-09-1101:13:47
Debian Security Bug Tracker
security-tracker.debian.org
6
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
5.1%
pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libpam-mount | < 0.48-1 | libpam-mount_0.48-1_all.deb |
| Debian | 11 | all | libpam-mount | < 0.48-1 | libpam-mount_0.48-1_all.deb |
| Debian | 999 | all | libpam-mount | < 0.48-1 | libpam-mount_0.48-1_all.deb |
| Debian | 13 | all | libpam-mount | < 0.48-1 | libpam-mount_0.48-1_all.deb |
Related
openvas
openvas
Mandriva Update for pam_mount MDVSA-2008:208 (pam_mount)
2009-04-09 00:00:00
Mandriva Update for pam_mount MDVSA-2008:208-1 (pam_mount)
2009-04-09 00:00:00
Mandriva Update for pam_mount MDVSA-2008:208 (pam_mount)
2009-04-09 00:00:00
cve
cve
CVE-2008-3970
2008-09-11 01:13:47
nessus
nessus
SuSE 10 Security Update : pam_mount (ZYPP Patch Number 5602)
2008-09-23 00:00:00
openSUSE 10 Security Update : pam_mount (pam_mount-5598)
2008-09-23 00:00:00
openSUSE Security Update : pam_mount (pam_mount-191)
2009-07-21 00:00:00
redhatcve
redhatcve
CVE-2008-3970
2019-10-04 20:28:49
ubuntucve
ubuntucve
CVE-2008-3970
2008-09-11 00:00:00
prion
prion
Design/Logic Flaw
2008-09-11 01:13:00
cvelist
cvelist
CVE-2008-3970
2008-09-10 15:00:00
nvd
nvd
CVE-2008-3970
2008-09-11 01:13:47
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
5.1%
Related for DEBIANCVE:CVE-2008-3970