Lucene search
Ubuntu.comUB:CVE-2008-3970HistorySep 11, 2008 - 12:00 a.m.
CVE-2008-3970
2008-09-1100:00:00
ubuntu.com
ubuntu.com
10
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify
mountpoint and source ownership before mounting a user-defined volume,
which allows local users to bypass intended access restrictions via a local
mount.
Notes
| Author | Note |
|---|---|
| jdstrand | due to code refactoring from 3 years ago. luserconf is disabled by default on Ubuntu. |
Related
cve
cve
CVE-2008-3970
2008-09-11 01:13:47
openvas
openvas
Mandriva Update for pam_mount MDVSA-2008:208-1 (pam_mount)
2009-04-09 00:00:00
Mandriva Update for pam_mount MDVSA-2008:208-1 (pam_mount)
2009-04-09 00:00:00
SLES10: Security update for pam_mount
2009-10-13 00:00:00
debiancve
debiancve
CVE-2008-3970
2008-09-11 01:13:47
cvelist
cvelist
CVE-2008-3970
2008-09-10 15:00:00
nvd
nvd
CVE-2008-3970
2008-09-11 01:13:47
prion
prion
Design/Logic Flaw
2008-09-11 01:13:00
nessus
nessus
Mandriva Linux Security Advisory : pam_mount (MDVSA-2008:208-1)
2009-04-23 00:00:00
SuSE 10 Security Update : pam_mount (ZYPP Patch Number 5602)
2008-09-23 00:00:00
openSUSE 10 Security Update : pam_mount (pam_mount-5598)
2008-09-23 00:00:00
redhatcve
redhatcve
CVE-2008-3970
2019-10-04 20:28:49
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Related for UB:CVE-2008-3970