Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59985
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2007:1129
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory RHSA-2007:1129.

The autofs utility controls the operation of the automount daemon, which
automatically mounts and unmounts file systems after a period of
inactivity. The autofs version 5 package was made available as a
technology preview in Red Hat Enterprise Linux version 4.6.

There was a security issue with the default installed configuration of
autofs version 5 whereby the entry for the hosts map did not specify the
nosuid mount option. A local user with control of a remote nfs server
could create a setuid root executable within an exported filesystem on the
remote nfs server that, if mounted using the default hosts map, would allow
the user to gain root privileges. (CVE-2007-5964)

Due to the fact that autofs version 5 always mounted hosts map entries suid
by default, autofs has now been altered to always use the nosuid option
when mounting from the default hosts map. The suid option must be
explicitly given in the master map entry to revert to the old behavior.
This change affects only the hosts map which corresponds to the /net entry
in the default configuration.

Users are advised to upgrade to these updated autofs5 packages, which
resolve this issue.

Red Hat would like to thank Josh Lange for reporting this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-1129.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
6.9

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5964
BugTraq ID: 26841
http://www.securityfocus.com/bid/26841
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00474.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00549.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:009
https://bugzilla.redhat.com/show_bug.cgi?id=410031
http://osvdb.org/40441
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10158
http://www.redhat.com/support/errata/RHSA-2007-1128.html
http://www.redhat.com/support/errata/RHSA-2007-1129.html
http://securitytracker.com/id?1019087
http://secunia.com/advisories/28052
http://secunia.com/advisories/28097
http://secunia.com/advisories/28456
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.