Fedora 8 : libHX-1.23-1.fc8 / pam_mount-0.47-1.fc8 (2008-7973)

High Nessus Plugin ID 34183


The remote Fedora host is missing one or more security updates.


A security flaw in the pam_mount's handling of user defined volumes using the 'luserconf' option has been fixed in this update. The vulnerability allowed users to arbitrarily mount filesystems at arbitrary locations. More details about this vulnerability can be found in the announcement message sent to the pam-mount-user mailinglist at SourceForge: http://sourceforge.net/mailarchive/me ssage.php?msg_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbz chgretzou. qr The pam_mount facility now uses a configuration file written in XML. The /etc/security/pam_mount.conf file will be converted to /etc/security/pam_mount.conf.xml during update with /usr/bin/convert_pam_mount_conf.pl, which removes all comments. Any per-user configuration files must be converted manually, with the conversion script if desired. A sample pam_mount.conf.xml file with detailed comments about the available options appears at /usr/share/doc/pam_mount-*/pam_mount.conf.xml. Note: This update also introduces a new version of libHX, which is required by updated pam_mount.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected libHX and / or pam_mount packages.

See Also





Plugin Details

Severity: High

ID: 34183

File Name: fedora_2008-7973.nasl

Version: $Revision: 1.11 $

Type: local

Agent: unix

Published: 2008/09/12

Modified: 2015/10/21

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:libHX, p-cpe:/a:fedoraproject:fedora:pam_mount, cpe:/o:fedoraproject:fedora:8

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2008/09/11

Reference Information

FEDORA: 2008-7973