Lucene search

[email protected]CVE-2010-2192

HistoryOct 03, 2022 - 4:21 p.m.

CVE-2010-2192

2022-10-0316:21:09

CWE-59

[email protected]

web.nvd.nist.gov

pmount

0.9.18

vulnerability

make_lockdir_name

symlink attack

local users

nvd

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.

Affected configurations

NVD

Node

vincent_fourmondpmountMatch0.9.18

CPENameOperatorVersion
vincent_fourmond:pmountvincent fourmond pmounteq0.9.18

CPE	Name	Operator	Version
vincent_fourmond:pmount	vincent fourmond pmount	eq	0.9.18

References

security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz

www.debian.org/security/2010/dsa-2063

www.securityfocus.com/bid/40939

www.vupen.com/english/advisories/2010/1520

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-2192

ubuntucve1 nvd1 debian2 prion1 cvelist1 securityvulns2 openvas3 nessus2 debiancve1 gentoo1