First published: Tue Dec 04 2007
Reported to the Red Hat Security Response Team via secalert:

"A stock install of RHEL5 and Fedora 8 (and possibly earlier versions) have /net managed by autofs (look at /etc/auto.master). Unfortunately, the "nosuid" mount option is not specified, meaning that any system auto-mounted under /net may have arbitrary suid root binaries.

How to exploit this vulnerability: An attacker can set up an NFS server on a remote host, and connect to the vulnerable system with an unprivileged user account. From here, the attacker can change directory to /net/remote.host.tld/export on the vulnerable system, and execute arbitrary "setuid root" binaries that they have placed on their nfs server."

Acknowledgements: Red Hat would like to thank Josh Lange for reporting this issue.

Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat Enterprise Linux | >=5 | |
Red Hat Fedora Core | >=8 | |
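
A defensive check for the condition the report describes, added here as an example and not part of the original advisory or of Red Hat's fix: the function lists autofs master-map entries whose options omit `nosuid`. The helper name `audit_master_map` and both sample maps are constructed for illustration; on a real host the input would be /etc/auto.master.

```shell
#!/bin/sh
# Added example: list autofs master-map entries whose options omit "nosuid".

# audit_master_map FILE  (hypothetical helper name)
# Prints the mount point of each entry lacking nosuid.
# Returns 0 when every entry carries nosuid, 1 otherwise.
audit_master_map() {
    awk '
        /^[ \t]*#/  { next }    # comment
        /^[ \t]*$/  { next }    # blank line
        /^[ \t]*\+/ { next }    # "+auto.master" include, audit that map separately
        NF >= 2 {
            found = 0
            # Fields 3..NF hold options such as "-nosuid,nodev" or "--timeout=60"
            for (i = 3; i <= NF; i++) {
                n = split($i, opt, ",")
                for (j = 1; j <= n; j++) {
                    sub(/^-+/, "", opt[j])
                    if (opt[j] == "nosuid") found = 1
                }
            }
            if (!found) { print $1; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample maps, not copied from a real host.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/weak.master" <<'EOF'
# stock-style layout: no mount options on either entry
/misc   /etc/auto.misc
/net    -hosts
+auto.master
EOF
cat > "$tmp/hardened.master" <<'EOF'
/misc   /etc/auto.misc  --timeout=60 -nosuid
/net    -hosts          -nosuid,nodev
EOF

for name in weak hardened; do
    if missing=$(audit_master_map "$tmp/$name.master"); then
        echo "$name: every entry carries nosuid"
    else
        echo "$name: nosuid missing on:" $missing
    fi
done
```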