CVE-2008-3970
libpam-mount - access restriction bypass
EPSS 0.04%
Description
pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount.
How to fix CVE-2008-3970
To remediate CVE-2008-3970, upgrade the affected package to one of the fixed versions listed below.
- Debian/libpam-mount: upgrade to 0.48-1 or later
- Debian/libpam-mount: upgrade to 0.44-1+lenny1 or later
Is CVE-2008-3970 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.48-1
- from 0, < 0.44-1+lenny1