Red Hat Local Security Checks : RedHat Security Advisory RHSA-2007:1129

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.59985

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2007:1129

Summary: NOSUMMARY

Description: Description:

The remote host is missing updates announced in
advisory RHSA-2007:1129.

The autofs utility controls the operation of the automount daemon, which
automatically mounts and unmounts file systems after a period of
inactivity. The autofs version 5 package was made available as a
technology preview in Red Hat Enterprise Linux version 4.6.

There was a security issue with the default installed configuration of
autofs version 5 whereby the entry for the hosts map did not specify the
nosuid mount option. A local user with control of a remote nfs server
could create a setuid root executable within an exported filesystem on the
remote nfs server that, if mounted using the default hosts map, would allow
the user to gain root privileges. (CVE-2007-5964)

Due to the fact that autofs version 5 always mounted hosts map entries suid
by default, autofs has now been altered to always use the nosuid option
when mounting from the default hosts map. The suid option must be
explicitly given in the master map entry to revert to the old behavior.
This change affects only the hosts map which corresponds to the /net entry
in the default configuration.

Users are advised to upgrade to these updated autofs5 packages, which
resolve this issue.

Red Hat would like to thank Josh Lange for reporting this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-1129.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
6.9

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5964
1019087
http://securitytracker.com/id?1019087
26841
http://www.securityfocus.com/bid/26841
28052
http://secunia.com/advisories/28052
28097
http://secunia.com/advisories/28097
28456
http://secunia.com/advisories/28456
40441
http://osvdb.org/40441
FEDORA-2007-4469
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00474.html
FEDORA-2007-4532
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00549.html
MDVSA-2008:009
http://www.mandriva.com/security/advisories?name=MDVSA-2008:009
RHSA-2007:1128
http://www.redhat.com/support/errata/RHSA-2007-1128.html
RHSA-2007:1129
http://www.redhat.com/support/errata/RHSA-2007-1129.html
https://bugzilla.redhat.com/show_bug.cgi?id=409701
https://bugzilla.redhat.com/show_bug.cgi?id=410031
oval:org.mitre.oval:def:10158
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10158

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.59985
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:1129
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:1129. The autofs utility controls the operation of the automount daemon, which automatically mounts and unmounts file systems after a period of inactivity. The autofs version 5 package was made available as a technology preview in Red Hat Enterprise Linux version 4.6. There was a security issue with the default installed configuration of autofs version 5 whereby the entry for the hosts map did not specify the nosuid mount option. A local user with control of a remote nfs server could create a setuid root executable within an exported filesystem on the remote nfs server that, if mounted using the default hosts map, would allow the user to gain root privileges. (CVE-2007-5964) Due to the fact that autofs version 5 always mounted hosts map entries suid by default, autofs has now been altered to always use the nosuid option when mounting from the default hosts map. The suid option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the hosts map which corresponds to the /net entry in the default configuration. Users are advised to upgrade to these updated autofs5 packages, which resolve this issue. Red Hat would like to thank Josh Lange for reporting this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1129.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 6.9
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-5964 1019087 http://securitytracker.com/id?1019087 26841 http://www.securityfocus.com/bid/26841 28052 http://secunia.com/advisories/28052 28097 http://secunia.com/advisories/28097 28456 http://secunia.com/advisories/28456 40441 http://osvdb.org/40441 FEDORA-2007-4469 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00474.html FEDORA-2007-4532 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00549.html MDVSA-2008:009 http://www.mandriva.com/security/advisories?name=MDVSA-2008:009 RHSA-2007:1128 http://www.redhat.com/support/errata/RHSA-2007-1128.html RHSA-2007:1129 http://www.redhat.com/support/errata/RHSA-2007-1129.html https://bugzilla.redhat.com/show_bug.cgi?id=409701 https://bugzilla.redhat.com/show_bug.cgi?id=410031 oval:org.mitre.oval:def:10158 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10158
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com