CVE-2010-2192

The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.

Published: Jun 18, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-2192
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.9
AV:L/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-59

Affected Software
References

Software	From	Fixed in
vincent_fourmond / pmount	0.9.18	0.9.18.x

http://security.debian.org/pool/updates/main/p/pmount/pmount_0.9.18-2+lenny1.diff.gz
http://www.debian.org/security/2010/dsa-2063
http://www.securityfocus.com/bid/40939
http://www.vupen.com/english/advisories/2010/1520

Vulnerability Database

290,020

CVE-2010-2192