Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.59985 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2007:1129 |
Summary: | NOSUMMARY |
Description: | Description: The remote host is missing updates announced in advisory RHSA-2007:1129. The autofs utility controls the operation of the automount daemon, which automatically mounts and unmounts file systems after a period of inactivity. The autofs version 5 package was made available as a technology preview in Red Hat Enterprise Linux version 4.6. There was a security issue with the default installed configuration of autofs version 5 whereby the entry for the hosts map did not specify the nosuid mount option. A local user with control of a remote nfs server could create a setuid root executable within an exported filesystem on the remote nfs server that, if mounted using the default hosts map, would allow the user to gain root privileges. (CVE-2007-5964) Due to the fact that autofs version 5 always mounted hosts map entries suid by default, autofs has now been altered to always use the nosuid option when mounting from the default hosts map. The suid option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the hosts map which corresponds to the /net entry in the default configuration. Users are advised to upgrade to these updated autofs5 packages, which resolve this issue. Red Hat would like to thank Josh Lange for reporting this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1129.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 6.9 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-5964 BugTraq ID: 26841 http://www.securityfocus.com/bid/26841 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00474.html https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00549.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:009 https://bugzilla.redhat.com/show_bug.cgi?id=410031 http://osvdb.org/40441 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10158 http://www.redhat.com/support/errata/RHSA-2007-1128.html http://www.redhat.com/support/errata/RHSA-2007-1129.html http://securitytracker.com/id?1019087 http://secunia.com/advisories/28052 http://secunia.com/advisories/28097 http://secunia.com/advisories/28456 |
Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |