
autofs: privilege escalation

Package(s): autofs
CVE #(s): CVE-2007-6285
Created: December 21, 2007
Updated: January 14, 2008
Description: The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server.
Alerts:
Mandriva MDVSA-2008:009-1 2007-01-12
Mandriva MDVSA-2008:009 2007-01-11
Fedora FEDORA-2007-4707 2007-12-21
Fedora FEDORA-2007-4709 2007-12-21
Red Hat RHSA-2007:1177-01 2007-12-20
Red Hat RHSA-2007:1176-01 2007-12-20
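
A defensive audit for the condition in the description, as an added example that is not from LWN or the autofs project: it flags -hosts master-map entries that set no explicit nodev option, and NFS mounts whose effective options lack nodev. The master-map layout (mount point, map, options), the /etc/auto.master path and all sample data are assumptions constructed for illustration.

```python
# Constructed sample inputs for illustration (not from a real host).
SAMPLE_MASTER = """\
/misc   /etc/auto.misc  --timeout=60
/net    -hosts
/net2   -hosts  -nosuid,nodev
+auto.master
"""

SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
filer:/export /net/filer/export nfs rw,nosuid,nodev,hard,addr=192.0.2.10 0 0
lab:/scratch /net/lab/scratch nfs rw,hard,addr=192.0.2.20 0 0
"""


def hosts_maps_without_nodev(master_text):
    """Return mount points of -hosts entries that set no explicit nodev."""
    flagged = []
    for raw in master_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, tokenise
        if len(fields) < 2 or fields[1] != "-hosts":
            continue
        opts = set()
        for tok in fields[2:]:
            if tok.startswith("--"):            # daemon option, e.g. --timeout
                continue
            opts.update(tok.lstrip("-").split(","))
        if "nodev" not in opts:
            flagged.append(fields[0])
    return flagged


def nfs_mounts_without_nodev(mounts_text):
    """Return NFS mount points whose effective options lack nodev."""
    flagged = []
    for line in mounts_text.splitlines():
        fields = line.split()                   # device, mount point, type, options
        if len(fields) >= 4 and fields[2] in ("nfs", "nfs4"):
            if "nodev" not in fields[3].split(","):
                flagged.append(fields[1])
    return flagged


if __name__ == "__main__":
    # On a real host, pass the contents of /etc/auto.master (assumed path)
    # and /proc/mounts instead of the constructed samples.
    print("-hosts entries without nodev:", hosts_maps_without_nodev(SAMPLE_MASTER))
    print("NFS mounts without nodev:", nfs_mounts_without_nodev(SAMPLE_MOUNTS))
```

The mount-table check reports what is actually in effect, so it is the one to trust after applying a vendor update; the master-map check only shows which entries depend on the package default.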


autofs: privilege escalation

Posted Jan 15, 2008 20:25 UTC (Tue) by kreutzm (subscriber, #4700)

Debian Sarge and Etch are not vulnerable.
