AXSA:2008-25:01

Release date: 
2008/02/29 Friday - 14:15
Title: 
autofs-5.0.1-0.rc2.55.2
Affected channels: 
Asianux Server 3 for ia64
Asianux Server 3 for ppc
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

autofs is a daemon which automatically mounts filesystems when you use them, and unmounts them later when you are not using them. This can include network filesystems, CD-ROMs, floppies, and so forth.
There was a security issue with the default configuration of autofs version 5: the entry for the "-hosts" map did not specify the "nodev" mount option. A local user with control of a remote NFS server could create special device files on the remote file system; if that file system was mounted using the default "-hosts" map, those files could allow the user to access important system devices. (CVE-2007-6285)
This issue is similar to CVE-2007-5964, for which a missing "nosuid" mount option in autofs was fixed. Both the "nodev" and "nosuid" options should be enabled to prevent a possible compromise of machine integrity.
Because autofs always mounted "-hosts" map entries with "dev" by default, autofs has now been altered to always use the "nodev" option when mounting from the default "-hosts" map. The "dev" option must be explicitly given in the master map entry to revert to the old behavior. This change affects only the "-hosts" map, which corresponds to the "/net" entry in the default configuration.
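
The check below is an added example, not part of the Asianux advisory or the autofs project: it flags master map entries that explicitly pass "dev" to the "-hosts" map, and NFS mounts under /net that lack "nodev" or "nosuid". The function names, the sample master map and the sample mount table are constructed for illustration; the mount table is assumed to use the /proc/mounts field layout.

```python
"""Audit autofs "-hosts" map settings and live /net mounts for nodev/nosuid."""

REQUIRED = ("nodev", "nosuid")  # both options the advisory says should be enabled

def audit_master_map(text):
    """Return mount points whose "-hosts" entry explicitly re-enables "dev"."""
    flagged = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2 or fields[1] != "-hosts":
            continue
        opts = set()
        for tok in fields[2:]:                     # tolerate a leading dash
            opts.update(o for o in tok.lstrip("-").split(",") if o)
        if "dev" in opts:                          # "nodev" is a different token
            flagged.append(fields[0])
    return flagged

def audit_mounts(text, prefix="/net"):
    """Return {mount point: [missing options]} for NFS mounts under prefix."""
    findings = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mount_point, fstype, opts = fields[1], fields[2], fields[3].split(",")
        if not fstype.startswith("nfs") or not mount_point.startswith(prefix + "/"):
            continue                               # skips the autofs trigger itself
        missing = [o for o in REQUIRED if o not in opts]
        if missing:
            findings[mount_point] = missing
    return findings

# Constructed sample inputs (not taken from a real system).
SAMPLE_MASTER = """\
# /etc/auto.master
/misc   /etc/auto.misc
/net    -hosts
/legacy -hosts  dev --timeout=60
"""
SAMPLE_MOUNTS = """\
-hosts /net autofs rw,relatime,fd=7,pgrp=1,timeout=300 0 0
filer1:/export /net/filer1/export nfs rw,nosuid,nodev,vers=3,addr=192.0.2.10 0 0
filer2:/data /net/filer2/data nfs rw,nosuid,vers=3,addr=192.0.2.11 0 0
"""

if __name__ == "__main__":
    print("master map entries with explicit dev:", audit_master_map(SAMPLE_MASTER))
    print("mounts missing options:", audit_mounts(SAMPLE_MOUNTS))
```

On a live system, pass the contents of /etc/auto.master and /proc/mounts to the two functions instead of the samples.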

Solution: 

Update the packages.

Additional information: 

N/A

Downloads: 
Copyright© 2007-2015 Asianux. All rights reserved.