SCIENTIFIC-LINUX-ERRATA Archives

December 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
Security Errata for Scientific Linux <[log in to unmask]>
Date:
Wed, 12 Dec 2007 14:43:33 -0600
MIME-version:
1.0
Reply-To:
Troy Dawson <[log in to unmask]>
Content-type:
text/plain; format=flowed; charset=iso-8859-1
Subject:
Security ERRATA for autofs on SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Content-transfer-encoding:
7BIT
Comments:
To: "[log in to unmask]" <[log in to unmask]>
Parts/Attachments:
text/plain (31 lines) 
Synopsis:	Important: autofs security update
Issue date:	2007-12-12
CVE Names:	CVE-2007-5964

There was a security issue with the default installed configuration of
autofs version 5 whereby the entry for the "hosts" map did not specify the
"nosuid" mount option.  A local user with control of a remote nfs server
could create a setuid root executable within an exported filesystem on the
remote nfs server that, if mounted using the default hosts map, would allow
the user to gain root privileges. (CVE-2007-5964)

NOTICE:
Due to the fact that autofs always mounted hosts map entries suid by
default, autofs has now been altered to always use the "nosuid" option when
mounting from the default hosts map. The "suid" option must be explicitly
given in the master map entry to revert to the old behavior. This change
affects only the hosts map which corresponds to the /net entry in the
default configuration.

SL 5.x

    SRPMS:
autofs-5.0.1-0.rc2.55.el5.1.src.rpm
    i386:
autofs-5.0.1-0.rc2.55.el5.1.i386.rpm
    x86_64:
autofs-5.0.1-0.rc2.55.el5.1.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2