Executive Summary
| Summary | |
|---|---|
| Title | Updated autofs packages fix insecure hosts configuration |
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2008:009 | First vendor Publication | 2008-01-11 |
| Vendor | Mandriva | Last vendor Modification | 2008-01-11 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.9 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 3.4 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the default hosts map, it would allow the user to obtain root privileges (CVE-2007-5964). Likewise, the same scenario would be available for local users able to create device files on the exported filesystem which could allow the user to gain access to important system devices (CVE-2007-6285). Because the default behaviour of autofs was to mount -hosts map entries with the dev and suid options enabled by default, autofs has been altered to always use nodev and nosuid by default. In order to have the old behaviour, the configuration must now explicitly set the dev and/or suid options. This change only affects the -hosts map which corresponds to the /net entry in the default configuration. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:009 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-16 | Configuration |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10158 | |||
| Oval ID: | oval:org.mitre.oval:def:10158 | ||
| Title: | The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | ||
| Description: | The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-5964 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11457 | |||
| Oval ID: | oval:org.mitre.oval:def:11457 | ||
| Title: | The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. | ||
| Description: | The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-6285 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21775 | |||
| Oval ID: | oval:org.mitre.oval:def:21775 | ||
| Title: | ELSA-2007:1176: autofs security update (Important) | ||
| Description: | The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2007:1176-01 CVE-2007-6285 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | autofs |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:22376 | |||
| Oval ID: | oval:org.mitre.oval:def:22376 | ||
| Title: | ELSA-2007:1128: autofs security update (Important) | ||
| Description: | The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2007:1128-02 CVE-2007-5964 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | autofs |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-04-09 | Name : Mandriva Update for autofs MDVSA-2008:009 (autofs) File : nvt/gb_mandriva_MDVSA_2008_009.nasl |
| 2009-04-09 | Name : Mandriva Update for autofs MDVSA-2008:009-1 (autofs) File : nvt/gb_mandriva_MDVSA_2008_009_1.nasl |
| 2009-03-06 | Name : RedHat Update for autofs RHSA-2007:1128-01 File : nvt/gb_RHSA-2007_1128-01_autofs.nasl |
| 2009-03-06 | Name : RedHat Update for autofs5 RHSA-2007:1129-01 File : nvt/gb_RHSA-2007_1129-01_autofs5.nasl |
| 2009-03-06 | Name : RedHat Update for autofs RHSA-2007:1176-01 File : nvt/gb_RHSA-2007_1176-01_autofs.nasl |
| 2009-03-06 | Name : RedHat Update for autofs5 RHSA-2007:1177-01 File : nvt/gb_RHSA-2007_1177-01_autofs5.nasl |
| 2009-02-27 | Name : CentOS Update for autofs5 CESA-2007:1177 centos4 i386 File : nvt/gb_CESA-2007_1177_autofs5_centos4_i386.nasl |
| 2009-02-27 | Name : CentOS Update for autofs5 CESA-2007:1177 centos4 x86_64 File : nvt/gb_CESA-2007_1177_autofs5_centos4_x86_64.nasl |
| 2009-02-27 | Name : Fedora Update for autofs FEDORA-2007-4469 File : nvt/gb_fedora_2007_4469_autofs_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for autofs FEDORA-2007-4532 File : nvt/gb_fedora_2007_4532_autofs_fc8.nasl |
| 2009-02-27 | Name : Fedora Update for autofs FEDORA-2007-4707 File : nvt/gb_fedora_2007_4707_autofs_fc8.nasl |
| 2009-02-27 | Name : Fedora Update for autofs FEDORA-2007-4709 File : nvt/gb_fedora_2007_4709_autofs_fc7.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 40442 | Red Hat Enterprise Linux autofs5 nodev Local Restriction Bypass |
| 40441 | Red Hat Enterprise Linux autofs /net Local Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-1177.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-1176.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-1129.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-1128.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-1129.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20071212_autofs_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-1176.nasl - Type : ACT_GATHER_INFO |
| 2010-01-06 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-1128.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-009.nasl - Type : ACT_GATHER_INFO |
| 2007-12-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4707.nasl - Type : ACT_GATHER_INFO |
| 2007-12-24 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4709.nasl - Type : ACT_GATHER_INFO |
| 2007-12-24 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-1177.nasl - Type : ACT_GATHER_INFO |
| 2007-12-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-1176.nasl - Type : ACT_GATHER_INFO |
| 2007-12-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-1177.nasl - Type : ACT_GATHER_INFO |
| 2007-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4532.nasl - Type : ACT_GATHER_INFO |
| 2007-12-17 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4469.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-1128.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-1129.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:39:07 |
|
