Free vulnerability management software

Mageni is a free, open-source, and powerful vulnerability management platform that takes the pain out of cybersecurity and vulnerability management.

Download Now
App screenshot

CentOS Update for autofs5 CESA-2007:1177 centos4 i386

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.9

CVSSv2 Vector

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

13 years ago

Modified

Modified

4 years ago

Summary

Check for the Version of autofs5

Insight

Insight

The autofs utility controls the operation of the automount daemon, which automatically mounts file systems when you use them, and unmounts them when you are not using them. This can include network file systems and CD-ROMs. The autofs5 packages were made available as a technology preview in Red Hat Enterprise Linux 4.6. There was a security issue with the default configuration of autofs version 5, whereby the entry for the &quot -hosts&quot map did not specify the &quot nodev&quot mount option. A local user with control of a remote NFS server could create special device files on the remote file system, that if mounted using the default &quot -hosts&quot map, could allow the user to access important system devices. (CVE-2007-6285) This issue is similar to CVE-2007-5964, which fixed a missing &quot nosuid&quot mount option in autofs. Both the &quot nodev&quot and &quot nosuid&quot options should be enabled to prevent a possible compromise of machine integrity. Due to the fact that autofs always mounted &quot -hosts&quot map entries &quot dev&quot by default, autofs has now been altered to always use the &quot nodev&quot option when mounting from the default &quot -hosts&quot map. The &quot dev&quot option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the &quot -hosts&quot map which corresponds to the &quot /net&quot entry in the default configuration. All autofs5 users are advised to upgrade to these updated packages, which resolve this issue. Red Hat would like to thank Tim Baum for reporting this issue.

Affected Software

Affected Software

autofs5 on CentOS 4

Solution

Solution

Please Install the Updated Packages.

Common Vulnerabilities and Exposures (CVE)

Ease with a few clicks your vulnerability scanning, assessment and management process

Mageni is a free and open-source vulnerability management software. Download it now.

1. Download Multipass

sudo snap install multipass

2. Launch a multipass instance

multipass launch -c 2 -m 6G -d 20G -n mageni 20.04 && multipass shell mageni

3. Install Mageni

curl -sL https://www.mageni.net/installation | sudo bash

1. If you don’t have it already, install Brew. Then, to install Multipass simply execute:

brew install --cask multipass

2. Launch a multipass instance

multipass launch -c 2 -m 6G -d 20G -n mageni 20.04 && multipass shell mageni

2. Install Mageni

curl -sL https://www.mageni.net/installation | sudo bash

1. Download the installer for Windows

Note: You need Windows 10 Pro/Enterprise/Education v 1803 or later, or any Windows 10 with VirtualBox

2. Ensure your network is private

Make sure your local network is designated as private, otherwise Windows prevents Multipass from starting.

3. Run the installer

You need to allow the installer to gain Administrator privileges.

4. Launch a multipass instance

multipass launch -c 2 -m 6G -d 20G -n mageni 20.04

5. Log into the multipass instance

multipass shell mageni

6. Install Mageni

curl -sL https://www.mageni.net/installation | sudo bash