Launchpad.net

CVE 2010-2192

The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.

Related bugs and status

CVE-2010-2192 (Candidate) is related to these bugs:

Bug #574809: Symlink attacks possible with pmount

		In	Importance	Status
574809	Symlink attacks possible with pmount	pmount (Ubuntu)	Undecided	Won't Fix
574809	Symlink attacks possible with pmount	pmount (Ubuntu Hardy)	Undecided	Fix Released
574809	Symlink attacks possible with pmount	pmount (Ubuntu Lucid)	Undecided	Fix Released
574809	Symlink attacks possible with pmount	pmount (Ubuntu Dapper)	Undecided	Won't Fix
574809	Symlink attacks possible with pmount	pmount (Ubuntu Karmic)	Undecided	Fix Released
574809	Symlink attacks possible with pmount	pmount (Ubuntu Jaunty)	Undecided	Fix Released
574809	Symlink attacks possible with pmount	pmount (Ubuntu Maverick)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://security.debian...
DEBIAN: DSA-2063
BID: 40939
VUPEN: ADV-2010-1520