=====================================================================
                                   CERT-Renater

                        Information Note No. 2008/VULN399
_____________________________________________________________________

DATE                      : 01/10/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running pam_mount.

======================================================================
http://sourceforge.net/mailarchive/forum.php?thread_name=alpine.LNX.1.10.0809042353120.17569%40fbirervta.pbzchgretzou.qr&forum_name=pam-mount-user
______________________________________________________________________

[pam_mount] pam_mount 0.47 released
From: Jan Engelhardt <jengelh@me...> - 2008-09-05 04:08
Summary
=======

This release fixes a regression and adds security-critical checks for
user-defined volumes. All remaining fixed-size buffers have been
replaced, and support for encfs 1.3.x has been added.


URL
===
http://downloads.sf.net/pam-mount/pam_mount-0.47.tar.lzma {,.asc}
SHA1: 0678b4073e6969411e446ac2d40a6e87f4040568 pam_mount-0.47.tar.lzma


About the security issue
========================

During code refactoring approximately 3 years ago, some
sanity/security checks for user-defined volumes were, probably
accidentally, removed. This allowed users to mount arbitrary sources
onto arbitrary directories; normally, they can only do so when they own
the mountpoint, and own the source, or the source is a non-local mount.

Versions 0.10 through 0.45 are affected. The correct behavior enforcing
these restrictions has been restored in 0.47. By default, user-defined
configuration files are disabled in pam_mount.conf.xml anyway, and it is
believed that luserconf-enabled systems are not numerous, so this is
only a minor issue. It is advised to upgrade the affected systems, or as
a workaround, disable user-defined volumes by commenting out the
<luserconf ...> configuration item.


v0.47 (September 04 2008)
=========================
This release incorporates a security fix (item 3 on the list).
All administrators who have enabled <luserconf> in the configuration
file should upgrade. A workaround is to comment out <luserconf>.

- mount.crypt: add missing null command to conform to sh syntax
(SF bug #2089446)
- conf: fix printing of strings when luser volume options were not ok
- conf: re-add luserconf security checks
- add support for encfs 1.3.x (1.4.x already has been in for long)
- conf: add the "noroot" attribute for <volume> to force mounting with
the unprivileged user account (required for FUSE filesystems)
- replace fixed-size buffers and arrays with dynamic ones (complete)


Git Shortlog
============
Jan Engelhardt (12, +15 not shown related to src organization):
doc: remove truecrypt from the support list
doc: clarify difference between use_first_pass and soft_try_pass
Add support for encfs 1.3.x
doc: update minimum requirements
build: use pkg-config to check for OpenSSL
Fix leftover static buffer size checks (sf bug#2089446)
conf: fix printing of strings when luser volume options were not ok
Print version info on login (when debug is on)
conf: add "noroot" attribute for <volume>
Re-add luserconf security checks
doc: update pam_mount.conf(5) with filesystem examples
pam_mount 0.47

Steffen Pankratz (1):
mount.crypt: add missing null command to conform to sh syntax (SF
bug#2089446)
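The luserconf restriction described in the announcement above (the user must own the mountpoint, and must own the source unless it is a non-local mount) and the "comment out <luserconf>" workaround, modelled as an added example. This is not pam_mount's own code: the function names, the list of filesystem types treated as non-local, and the configuration snippets are assumptions made for the example.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Filesystem types treated as "non-local" (assumption: the announcement does
# not list them, and pam_mount's own list may differ).
REMOTE_FSTYPES = {"nfs", "nfs4", "cifs", "smbfs", "davfs", "sshfs"}

def owned_by(path, uid):
    """True if `path` exists and is owned by `uid`. Symlinks are not
    followed, so a user cannot redirect the check via a link they own."""
    try:
        return os.lstat(path).st_uid == uid
    except OSError:
        return False

def user_volume_allowed(uid, mountpoint, source, fstype):
    """Model of the luserconf sanity check restored in pam_mount 0.47.
    Returns (allowed, reason). The mountpoint must belong to the user; so
    must the source, unless it is remote and there is nothing local to own."""
    if not owned_by(mountpoint, uid):
        return False, "mountpoint not owned by user"
    if fstype.lower() in REMOTE_FSTYPES:
        return True, "non-local source; mountpoint owned by user"
    if not owned_by(source, uid):
        return False, "local source missing or not owned by user"
    return True, "mountpoint and source owned by user"

def luserconf_enabled(conf_xml):
    """Audit the workaround: True if pam_mount.conf.xml still carries an
    active <luserconf> element (a commented-out one is not an element)."""
    return ET.fromstring(conf_xml).find("luserconf") is not None

def demo():
    """Evaluate the policy on a constructed fixture in a temporary directory:
    a mountpoint directory and a source file, both owned by the current user."""
    uid = os.getuid()
    base = tempfile.mkdtemp()
    mnt = os.path.join(base, "mnt")
    os.mkdir(mnt)
    img = os.path.join(base, "vol.img")
    open(img, "w").close()
    return {
        "own_both": user_volume_allowed(uid, mnt, img, "ext3"),
        "foreign_mountpoint": user_volume_allowed(uid + 1, mnt, img, "ext3"),
        "unowned_source": user_volume_allowed(uid, mnt, base + "/missing.img", "ext3"),
        "remote_source": user_volume_allowed(uid, mnt, "srv:/export/home", "nfs"),
    }
```

Running `demo()` shows the only two accepted cases: both objects owned by the user, or a remote source with a user-owned mountpoint.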


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================