SynopsisThe remote Debian host is missing a security-related update.
DescriptionDan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack.
SolutionUpgrade the pmount package.
For the stable distribution (lenny), this problem has been fixed in version 0.9.18-2+lenny1