CVE-2010-2192
pmount 0.9.18 - Arbitrary File Overwrite via Symlink Attack in make_lockdir_name
Title source: llmDescription
The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1520
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40939
Patch vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2063
Scores
EPSS
0.0028
EPSS Percentile
19.6%
Details
CWE
CWE-59
Status
published
Products (1)
vincent_fourmond/pmount
0.9.18
Published
Jun 18, 2010
Tracked Since
Feb 18, 2026