 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.59985 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2007:1129 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2007:1129. The autofs utility controls the operation of the automount daemon, which automatically mounts and unmounts file systems after a period of inactivity. The autofs version 5 package was made available as a technology preview in Red Hat Enterprise Linux version 4.6. There was a security issue with the default installed configuration of autofs version 5 whereby the entry for the hosts map did not specify the nosuid mount option. A local user with control of a remote nfs server could create a setuid root executable within an exported filesystem on the remote nfs server that, if mounted using the default hosts map, would allow the user to gain root privileges. (CVE-2007-5964) Due to the fact that autofs version 5 always mounted hosts map entries suid by default, autofs has now been altered to always use the nosuid option when mounting from the default hosts map. The suid option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the hosts map which corresponds to the /net entry in the default configuration. Users are advised to upgrade to these updated autofs5 packages, which resolve this issue. Red Hat would like to thank Josh Lange for reporting this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1129.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 6.9 |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-5964 1019087 http://securitytracker.com/id?1019087 26841 http://www.securityfocus.com/bid/26841 28052 http://secunia.com/advisories/28052 28097 http://secunia.com/advisories/28097 28456 http://secunia.com/advisories/28456 40441 http://osvdb.org/40441 FEDORA-2007-4469 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00474.html FEDORA-2007-4532 https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00549.html MDVSA-2008:009 http://www.mandriva.com/security/advisories?name=MDVSA-2008:009 RHSA-2007:1128 http://www.redhat.com/support/errata/RHSA-2007-1128.html RHSA-2007:1129 http://www.redhat.com/support/errata/RHSA-2007-1129.html https://bugzilla.redhat.com/show_bug.cgi?id=409701 https://bugzilla.redhat.com/show_bug.cgi?id=410031 oval:org.mitre.oval:def:10158 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10158 |
| Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |