http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz

DSA-2063

40939

ADV-2010-1520

The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010)

    Vulnerabilities have been discovered in the packages listed below.
      Please review the CVE identifiers in the Reference section for details.
      Insight       Perl Tk Module       Source-Navigator       Tk       Partimage       Mlmmj       acl       Xinit       gzip       ncompress       liblzw       splashutils       GNU M4       KDE Display Manager       GTK+       KGet       dvipng       Beanstalk       Policy Mount       pam_krb5       GNU gv       LFTP       Uzbl       Slim       Bitdefender Console       iputils       DVBStreamer   Impact :

    A context-dependent attacker may be able to gain escalated privileges,       execute arbitrary code, cause Denial of Service, obtain sensitive       information, or otherwise bypass security restrictions.
  Workaround :

    There are no known workarounds at this time.

Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.

ID	Name	Product	Family	Severity
79961	GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010	Nessus	Gentoo Local Security Checks	critical
47105	Debian DSA-2063-1 : pmount - insecure temporary file	Nessus	Debian Local Security Checks	low

CVE-2010-2192

low

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

Vulnerable Software

Configuration 1

Tenable Plugins

critical

low