PublicDate: 2008-09-11 01:13:00 UTC
Candidate: CVE-2008-3970
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3970
Description:
 pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify
 mountpoint and source ownership before mounting a user-defined volume,
 which allows local users to bypass intended access restrictions via a local
 mount.
Ubuntu-Description:
Notes:
 jdstrand> due to code refactoring from 3 years ago. luserconf is disabled by
  default on Ubuntu.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_libpam-mount:
upstream_libpam-mount: released (0.48-1)
dapper_libpam-mount: ignored (reached end-of-life)
feisty_libpam-mount: needed (reached end-of-life)
gutsy_libpam-mount: needed (reached end-of-life)
hardy_libpam-mount: ignored (reached end-of-life)
intrepid_libpam-mount: needed (reached end-of-life)
jaunty_libpam-mount: not-affected (1.5-1ubuntu1)
karmic_libpam-mount: not-affected
lucid_libpam-mount: not-affected
maverick_libpam-mount: not-affected
natty_libpam-mount: not-affected
devel_libpam-mount: not-affected