Описание
ELSA-2007-1128: Important: autofs security update (IMPORTANT)
[5.0.1-0.rc2.55.el5.1]
- Bug 410041: CVE-2007-5964 autofs defaults don't restrict suid in /net
- use mount option nosuid for -hosts map unless suid is explicily specified.
- Related: rhbz#410041
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
autofs
5.0.1-0.rc2.55.el5.1
Oracle Linux i386
autofs
5.0.1-0.rc2.55.el5.1
Связанные CVE
Связанные уязвимости
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
The default configuration of autofs 5 in some Linux distributions, suc ...
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.