Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2007-5964
Last Modified 21 Aug 2010 12:00:00
Published 13 Dec 2007 01:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5964

Summary

The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.

Vulnerable Systems

Operating System

  • Red Hat Enterprise Linux 5.0


References

FEDORA - FEDORA-2007-4532

FEDORA - FEDORA-2007-4469

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=410031

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=409701

BID - 26841

REDHAT - RHSA-2007:1129

REDHAT - RHSA-2007:1128

MANDRIVA - MDVSA-2008:009

SECTRACK - 1019087

SECUNIA - 28456

SECUNIA - 28097

SECUNIA - 28052

OSVDB - 40441


Last Updated: 27 May 2016 10:46:20