Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mandriva Update for autofs MDVSA-2008:009-1 (autofs)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Check for the Version of autofs
Insight
Insight
The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the default hosts map, it would allow the user to obtain root privileges (CVE-2007-5964). Likewise, the same scenario would be available for local users able to create device files on the exported filesystem which could allow the user to gain access to important system devices (CVE-2007-6285). Because the default behaviour of autofs was to mount -hosts map entries with the dev and suid options enabled by default, autofs has been altered to always use nodev and nosuid by default. In order to have the old behaviour, the configuration must now explicitly set the dev and/or suid options. This change only affects the -hosts map which corresponds to the /net entry in the default configuration. Update: The previous update shipped with an incorrect LDAP lookup module that would prevent the automount daemon from starting. This update corrects that problem.
Affected Software
Affected Software
autofs on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64
Solution
Solution
Please Install the Updated Packages.