This is CVE-2010-2192. Attached is the patch from upstream.

From upstream:
"The solution is very simple: put the locks in /var/lib/pmount-locks. As /var/lib is not world-writable, there is no risk of a user intercepting /var/lib/pmount-locks before pmount creates it. This is what the attached patch does, and the best thing is that there won't even be needs for postinst scripts with this solution."

** Patch added: "fix-pmount-var-lock-exploit-v2.diff"
   http://launchpadlibrarian.net/50504393/fix-pmount-var-lock-exploit-v2.diff

--
Symlink attacks possible with pmount
https://bugs.launchpad.net/bugs/574809
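
The reasoning in the upstream note quoted above, as an added C example (it is not the attached patch and not pmount's own code): a lock directory is created only under a parent that other users cannot write to. It goes one step beyond the note by re-checking with lstat() what ends up at the path; the function names and the temp-directory scenario in `demo()` are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path is a real directory (not a symlink), owned by `owner`, and not
 * writable by group or others; 0 otherwise. lstat() does not follow links. */
int dir_is_trusted(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == owner &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Create parent/name as the lock directory; 0 on success, -1 if refused. */
int make_lock_dir(const char *parent, const char *name, uid_t owner)
{
    char path[4096];
    if (!dir_is_trusted(parent, owner))      /* e.g. a mode-1777 directory */
        return -1;
    if (snprintf(path, sizeof path, "%s/%s", parent, name) >= (int)sizeof path)
        return -1;
    if (mkdir(path, 0755) != 0 && errno != EEXIST)
        return -1;
    /* mkdir() fails with EEXIST on a pre-planted symlink; re-check the result. */
    return dir_is_trusted(path, owner) ? 0 : -1;
}

/* Constructed scenario in a private temp dir; returns make_lock_dir()'s result. */
int demo(mode_t parent_mode, int preplant_symlink)
{
    char tmpl[] = "/tmp/lockdemo-XXXXXX", lock[64];
    if (!mkdtemp(tmpl))
        return -2;
    snprintf(lock, sizeof lock, "%s/pmount-locks", tmpl);
    if (preplant_symlink && symlink("/nonexistent-target", lock) != 0)
        return -2;
    if (chmod(tmpl, parent_mode) != 0)
        return -2;
    int rc = make_lock_dir(tmpl, "pmount-locks", geteuid());
    chmod(tmpl, 0700);                       /* restore, then clean up */
    if (unlink(lock) != 0) rmdir(lock);
    rmdir(tmpl);
    return rc;
}
```

The check covers only the immediate parent; it assumes the ancestors of that directory are equally trusted.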
