Fedora 8 : libHX-1.23-1.fc8 / pam_mount-0.47-1.fc8 (2008-7973)
High Nessus Plugin ID 34183
Synopsis
The remote Fedora host is missing one or more security updates.
Description
A security flaw in pam_mount's handling of user-defined volumes using the 'luserconf' option has been fixed in this update. The vulnerability allowed users to arbitrarily mount filesystems at arbitrary locations. More details about this vulnerability can be found in the announcement message sent to the pam-mount-user mailing list at SourceForge: http://sourceforge.net/mailarchive/message.php?msg_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.qr

The pam_mount facility now uses a configuration file written in XML. The /etc/security/pam_mount.conf file will be converted to /etc/security/pam_mount.conf.xml during the update with /usr/bin/convert_pam_mount_conf.pl, which removes all comments. Any per-user configuration files must be converted manually, with the conversion script if desired. A sample pam_mount.conf.xml file with detailed comments about the available options appears at /usr/share/doc/pam_mount-*/pam_mount.conf.xml.

Note: This update also introduces a new version of libHX, which is required by the updated pam_mount.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected libHX and / or pam_mount packages.