Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 325507 (CVE-2010-2192) - <sys-apps/pmount-0.9.23 symlink attack on a file in /var/lock (CVE-2010-2192)
Summary: <sys-apps/pmount-0.9.23 symlink attack on a file in /var/lock (CVE-2010-2192)
Status: RESOLVED FIXED
Alias: CVE-2010-2192
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.debian.org/security/2010/d...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-25 13:50 UTC by Samuli Suominen
Modified: 2014-12-12 00:32 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Samuli Suominen gentoo-dev 2010-06-25 13:50:36 UTC
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2192
http://www.debian.org/security/2010/dsa-2063

Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.

Test and stabilize:

=sys-apps/pmount-0.9.23
Comment 1 Christoph Mende (RETIRED) gentoo-dev 2010-06-25 15:08:55 UTC
amd64 stable
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 21:37:33 UTC
CVE-2010-2192 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2192):
  The make_lockdir_name function in policy.c in pmount 0.9.18 allow
  local users to overwrite arbitrary files via a symlink attack on a
  file in /var/lock/.

Comment 3 Myckel Habets 2010-06-26 07:47:19 UTC
Builds fine on x86. Rdeps build against it without any problem. Able to start ivman and detects pmount while starting.
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2010-06-26 15:01:34 UTC
alpha/arm/ia64/sh/sparc/x86 stable, thanks Myckel
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-06-28 05:48:58 UTC
Stable for HPPA.
Comment 6 Samuli Suominen gentoo-dev 2010-07-04 12:38:47 UTC
ppc64 stable
Comment 7 nixnut (RETIRED) gentoo-dev 2010-07-18 14:19:58 UTC
ppc stable
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:54:18 UTC
glsa request filed.
Comment 9 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2014-02-21 08:55:37 UTC
Ping. Is this thing alive?
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 00:32:50 UTC
This issue was resolved and addressed in
 GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml
by GLSA coordinator Sean Amoss (ackle).