Red Hat Enterprise Linux autofs hosts map weak security
| autofs-hostsmap-weak-security (39188) |  Low Risk |
Description:
autofs running on Red Hat Enterprise Linux could provide weaker than expected security. The host map configuration file does not include to nodev mount option. By creating special device files on a remote NFS server, a local attacker could exploit this vulnerability to access restricted system devices.
*CVSS:
| Base Score: | 1.9 |
| Access Vector: | Local |
| Access Complexity: | Medium |
| Authentication: | None |
| Confidentiality Impact: | None |
| Integrity Impact: | Partial |
| Availability Impact: | None |
| Temporal Score: | 1.4 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Gain Privileges
Remedy:
Apply the appropriate update for your system. See References.
References:
- Red Hat Bugzilla Bug 426218: CVE-2007-6285 autofs default doesn't set nodev in /net.
- ASA-2008-009: autofs5 security update (RHSA-2007-1177)
- BID-26970: autofs nodev Mount Option Privilege Escalation Vulnerability
- CVE-2007-6285: The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access important devices by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.
- MDVSA-2008:009: Updated autofs packages fix insecure hosts configuration
- MDVSA-2008:009-1: Updated autofs packages fix insecure hosts configuration
- RHSA-2007-1176: Important: autofs security update
- RHSA-2007-1177: Important: autofs5 security update
- SA28156: Red Hat autofs "nodev" Security Bypass Vulnerability
- SECTRACK ID: 1019137: autofs Lets Local Users Gain Elevated Privileges
Platforms Affected:
- Autofs autofs 5
- MandrakeSoft Mandrake Linux 2007 X86_64
- MandrakeSoft Mandrake Linux 2007
- MandrakeSoft Mandrake Linux 2007.1 X86_64
- MandrakeSoft Mandrake Linux 2007.1
- MandrakeSoft Mandrake Linux 2008.0 X86_64
- MandrakeSoft Mandrake Linux 2008.0
- RedHat Enterprise Linux 4 WS
- RedHat Enterprise Linux 4 ES
- RedHat Enterprise Linux 4 AS
- RedHat Enterprise Linux 4 Desktop
- RedHat Enterprise Linux 5 Client
- RedHat Enterprise Linux 5
Reported:
Dec 19, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.