Detections
Analytics

Fedora 8 : libHX-1.23-1.fc8 / pam_mount-0.47-1.fc8 (2008-7973)

high Nessus Plugin ID 34183

Synopsis

The remote Fedora host is missing one or more security updates.

Description

A security flaw in the pam_mount's handling of user defined volumes using the 'luserconf' option has been fixed in this update. The vulnerability allowed users to arbitrarily mount filesystems at arbitrary locations. More details about this vulnerability can be found in the announcement message sent to the pam-mount-user mailinglist at SourceForge: http://sourceforge.net/mailarchive/me ssage.php?msg_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbz chgretzou. qr The pam_mount facility now uses a configuration file written in XML. The /etc/security/pam_mount.conf file will be converted to /etc/security/pam_mount.conf.xml during update with /usr/bin/convert_pam_mount_conf.pl, which removes all comments. Any per-user configuration files must be converted manually, with the conversion script if desired. A sample pam_mount.conf.xml file with detailed comments about the available options appears at /usr/share/doc/pam_mount-*/pam_mount.conf.xml. Note: This update also introduces a new version of libHX, which is required by updated pam_mount.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected libHX and / or pam_mount packages.

See Also

https://sourceforge.net/p/legacy_/mailarchive/me

https://bugzilla.redhat.com/show_bug.cgi?id=461464

http://www.nessus.org/u?7698453c

http://www.nessus.org/u?96d4da5e

Plugin Details

Severity: High

ID: 34183

File Name: fedora_2008-7973.nasl

Version: 1.14

Type: local

Agent: unix

Published: 9/12/2008

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:libhx, p-cpe:/a:fedoraproject:fedora:pam_mount, cpe:/o:fedoraproject:fedora:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 9/11/2008

Reference Information

FEDORA: 2008-7973