Sicherheit: Überschreiben von Dateien in pam_mount

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1231563012-14940-7266

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:004
http://www.mandriva.com/security/
_______________________________________________________________________

Package : pam_mount
Date : January 9, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

passwdehd script in pam_mount would allow local users to overwrite
arbitrary files via a symlink attack on a temporary file.

The updated packages have been patched to prevent this.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5138
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
d550c87096d1aa30ba502066de99ee7e
2008.0/i586/pam_mount-0.17-1.3mdv2008.0.i586.rpm
68494b5087e4db72d5220bf88dd50ef8
2008.0/i586/pam_mount-devel-0.17-1.3mdv2008.0.i586.rpm
1b8fc3341d368f35b2c4c68a40fa931a
2008.0/SRPMS/pam_mount-0.17-1.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
d2932e71d030d7d1c9ac28f89230b4dd
2008.0/x86_64/pam_mount-0.17-1.3mdv2008.0.x86_64.rpm
3f6b089d0de2e4ed4a1079bc96606d2b
2008.0/x86_64/pam_mount-devel-0.17-1.3mdv2008.0.x86_64.rpm
1b8fc3341d368f35b2c4c68a40fa931a
2008.0/SRPMS/pam_mount-0.17-1.3mdv2008.0.src.rpm

Mandriva Linux 2008.1:
2d6291e9ae03d1af8373e76396ab77b2
2008.1/i586/pam_mount-0.33-2.5mdv2008.1.i586.rpm
b448a0849a4b0a9ba81452321da671dd
2008.1/SRPMS/pam_mount-0.33-2.5mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
b55f9915b16de205ce876f1f522ee422
2008.1/x86_64/pam_mount-0.33-2.5mdv2008.1.x86_64.rpm
b448a0849a4b0a9ba81452321da671dd
2008.1/SRPMS/pam_mount-0.33-2.5mdv2008.1.src.rpm

Mandriva Linux 2009.0:
bc4fe7e82c04906e8b55c6f4ae605a7d
2009.0/i586/pam_mount-0.48-1.2mdv2009.0.i586.rpm
042e57a4312295e0386f5dd701801015
2009.0/SRPMS/pam_mount-0.48-1.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
0be0da9f4ed2c14548372a468f125d2f
2009.0/x86_64/pam_mount-0.48-1.2mdv2009.0.x86_64.rpm
042e57a4312295e0386f5dd701801015
2009.0/SRPMS/pam_mount-0.48-1.2mdv2009.0.src.rpm

Corporate 4.0:
441b6914509f1c825b4718d4a7519994
corporate/4.0/i586/pam_mount-0.10.0-5.3.20060mlcs4.i586.rpm
a20956acc5fc8f58f57fc02edc55a103
corporate/4.0/i586/pam_mount-devel-0.10.0-5.3.20060mlcs4.i586.rpm
39f22f9fd569aea4a5066f7fb89e4014
corporate/4.0/SRPMS/pam_mount-0.10.0-5.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
8570403f2404c0b00762b8143ddc2a19
corporate/4.0/x86_64/pam_mount-0.10.0-5.3.20060mlcs4.x86_64.rpm
cb96ac8a4f097c23e1cc3bb8be01bc74
corporate/4.0/x86_64/pam_mount-devel-0.10.0-5.3.20060mlcs4.x86_64.rpm
39f22f9fd569aea4a5066f7fb89e4014
corporate/4.0/SRPMS/pam_mount-0.10.0-5.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJZ/tKmqjQ0CJFipgRAjovAJ9+Ou+VYZjTkMJUcE0mwcAl/VakaQCgrKTr
afw7dFhHo2VckEpKLFgqQyk=
=vbOs
-----END PGP SIGNATURE-----

------------=_1231563012-14940-7266
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1231563012-14940-7266--