Executive Summary

Informations
Name CVE-2007-5964 First vendor Publication 2007-12-13
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5964

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10158
 
Oval ID: oval:org.mitre.oval:def:10158
Title: The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
Description: The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5964
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22376
 
Oval ID: oval:org.mitre.oval:def:22376
Title: ELSA-2007:1128: autofs security update (Important)
Description: The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
Family: unix Class: patch
Reference(s): ELSA-2007:1128-02
CVE-2007-5964
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): autofs
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

OpenVAS Exploits

Date Description
2009-04-09 Name : Mandriva Update for autofs MDVSA-2008:009 (autofs)
File : nvt/gb_mandriva_MDVSA_2008_009.nasl
2009-04-09 Name : Mandriva Update for autofs MDVSA-2008:009-1 (autofs)
File : nvt/gb_mandriva_MDVSA_2008_009_1.nasl
2009-03-06 Name : RedHat Update for autofs RHSA-2007:1128-01
File : nvt/gb_RHSA-2007_1128-01_autofs.nasl
2009-03-06 Name : RedHat Update for autofs5 RHSA-2007:1129-01
File : nvt/gb_RHSA-2007_1129-01_autofs5.nasl
2009-03-06 Name : RedHat Update for autofs RHSA-2007:1176-01
File : nvt/gb_RHSA-2007_1176-01_autofs.nasl
2009-03-06 Name : RedHat Update for autofs5 RHSA-2007:1177-01
File : nvt/gb_RHSA-2007_1177-01_autofs5.nasl
2009-02-27 Name : CentOS Update for autofs5 CESA-2007:1177 centos4 i386
File : nvt/gb_CESA-2007_1177_autofs5_centos4_i386.nasl
2009-02-27 Name : CentOS Update for autofs5 CESA-2007:1177 centos4 x86_64
File : nvt/gb_CESA-2007_1177_autofs5_centos4_x86_64.nasl
2009-02-27 Name : Fedora Update for autofs FEDORA-2007-4469
File : nvt/gb_fedora_2007_4469_autofs_fc7.nasl
2009-02-27 Name : Fedora Update for autofs FEDORA-2007-4532
File : nvt/gb_fedora_2007_4532_autofs_fc8.nasl
2009-02-27 Name : Fedora Update for autofs FEDORA-2007-4707
File : nvt/gb_fedora_2007_4707_autofs_fc8.nasl
2009-02-27 Name : Fedora Update for autofs FEDORA-2007-4709
File : nvt/gb_fedora_2007_4709_autofs_fc7.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
40441 Red Hat Enterprise Linux autofs /net Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2007-1177.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2007-1176.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2007-1129.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2007-1128.nasl - Type : ACT_GATHER_INFO
2013-06-29 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2007-1129.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20071212_autofs_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2007-1176.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2007-1128.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2008-009.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote Fedora host is missing a security update.
File : fedora_2007-4707.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote Fedora host is missing a security update.
File : fedora_2007-4709.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2007-1177.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-1176.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-1177.nasl - Type : ACT_GATHER_INFO
2007-12-17 Name : The remote Fedora host is missing a security update.
File : fedora_2007-4532.nasl - Type : ACT_GATHER_INFO
2007-12-17 Name : The remote Fedora host is missing a security update.
File : fedora_2007-4469.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-1128.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-1129.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://osvdb.org/40441
http://secunia.com/advisories/28052
http://secunia.com/advisories/28097
http://secunia.com/advisories/28456
http://securitytracker.com/id?1019087
http://www.mandriva.com/security/advisories?name=MDVSA-2008:009
http://www.redhat.com/support/errata/RHSA-2007-1128.html
http://www.redhat.com/support/errata/RHSA-2007-1129.html
http://www.securityfocus.com/bid/26841
https://bugzilla.redhat.com/show_bug.cgi?id=409701
https://bugzilla.redhat.com/show_bug.cgi?id=410031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg0047...
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg0054...
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
Date Informations
2024-11-28 23:15:38
  • Multiple Updates
2024-11-28 12:14:01
  • Multiple Updates
2021-05-04 12:06:40
  • Multiple Updates
2021-04-22 01:07:10
  • Multiple Updates
2020-05-23 00:20:46
  • Multiple Updates
2017-09-29 09:23:17
  • Multiple Updates
2016-06-28 17:03:32
  • Multiple Updates
2016-04-26 16:48:30
  • Multiple Updates
2014-02-17 10:42:36
  • Multiple Updates
2013-05-11 10:42:15
  • Multiple Updates