CentOS 5 : autofs (CESA-2007:1176)

Updated autofs packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The autofs utility controls the operation of the automount daemon, which automatically mounts...

Mandriva Linux Security Advisory : autofs (MDVSA-2008:009-1)

The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the...

Mandriva Update for autofs MDVSA-2008:009-1 (autofs)

Check for the Version of autofs OpenVAS Vulnerability Test Mandriva Update for autofs MDVSA-2008:009-1 autofs Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

autofs privilege escalation

nosuid and nodev flags are not specified for NFS...

Fedora 8 : autofs-5.0.2-24 (2007-4707)

Fri Dec 21 2007 Ian Kent - 5.0.2-24 - Bug 426400: CVE-2007-6285 autofs default doesn't set nodev in /net f8 - use mount option 'nodev' for '-hosts' map unless 'dev' is explicily specified. - Tue Dec 18 2007 Ian Kent - 5.0.2-22 - Bug 397591 SELinux is preventing /sbin/rpc.statd rpcdt 'search' to...

CVE-2007-6285

The default configuration for autofs 5 autofs5 in some Linux distributions, such as Red Hat Enterprise Linux RHEL 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special devic...

autofs default doesn't set nodev in /net

The default configuration for autofs 5 autofs5 in some Linux distributions, such as Red Hat Enterprise Linux RHEL 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special devic...

autofs default doesn't set nodev in /net

The default configuration for autofs 5 autofs5 in some Linux distributions, such as Red Hat Enterprise Linux RHEL 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special devic...

Important: Red Hat Security Advisory: autofs security update

Updated autofs packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The autofs utility controls the operation of the automount daemon, which automatically mounts...

security flaw

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r remount option, which causes the file system to be remounted with just the read-only flag, which effectively clears the...

util-linux: umount command validation error

Background util-linux is a suite of useful Linux programs including umount, a program used to unmount filesystems. Description When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem...

DEBIAN-CVE-2005-2876

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r remount option, which causes the file system to be remounted with just the read-only flag, which effectively clears the...

CVE-2005-2876

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r remount option, which causes the file system to be remounted with just the read-only flag, which effectively clears the...

CVE-2003-0335

rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec...