Описание
ELSA-2007-1176: Important: autofs security update (IMPORTANT)
[5.0.1-0.rc2.55.el5.2]
- Bug 426219: CVE-2007-6285 autofs default doesn't set nodev in /net
[rhel-5.1.z]
- use mount option nodev for -hosts map unless dev is explicily specified.
- Related: rhbz#426219
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
autofs
5.0.1-0.rc2.55.el5.2
Oracle Linux i386
autofs
5.0.1-0.rc2.55.el5.2
Связанные CVE
Связанные уязвимости
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.
The default configuration for autofs 5 (autofs5) in some Linux distrib ...
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации