Oracle Linux 5 : autofs (ELSA-2013-0132)

critical Nessus Plugin ID 68703

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2013-0132 advisory.

[5.0.1-0.rc2.177.0.1.el5]
- apply fix from NetApp to use tcp before udp http://www.mail-archive.com/[email protected]/msg07910.html (Bert Barbe) [orabug 6827898]

[5.0.1-0.rc2.177.el5]
- bz714766 - autofs /net maps do not refresh list of shares exported on the NFS server
- disable hosts map HUP signal update.
- Related: rhbz#714766

[5.0.1-0.rc2.176.el5]
- bz859890 - no --timeout option usage demonstrated in auto.master FORMAT options man page section
- add timeout option description to man page.
- Resolves: rhbz#859890

[5.0.1-0.rc2.175.el5]
- bz845503 - autofs initscript problems
- fix status() return code now gets lost due to adding lock file check.
- Related: rhbz#845503

[5.0.1-0.rc2.174.el5]
- bz585058 - autofs5 init script times out before automount exits and incorrectly shows that autofs5 stop failed
- fix don't wait forever for shutdown.
- bz845503 - autofs initscript problems
- don't unconditionally call stop on restart.
- fix usage message.
- fix status return code when daemon is dead but lock file exists.
- Related: rhbz#585058 rhbz#845503

[5.0.1-0.rc2.173.el5]
- bz845503 - autofs initscript problems
- don't use status() function in restart, it can't be relied upon.
- Related: rhbz#845503

[5.0.1-0.rc2.172.el5]
- bz845503 - autofs initscript problems
- fix status call in restart must specify pid file name.
- Related: rhbz#845503

[5.0.1-0.rc2.171.el5]
- bz845503 - autofs initscript problems
- make redhat init script more lsb compliant.
- Resolves: rhbz#845503

[5.0.1-0.rc2.170.el5]
- bz847101 - System unresponsiveness and CPU starvation when launching source code script
- check negative cache much earlier.
- don't use pthread_rwlock_tryrdlock().
- remove state machine timed wait.
- Related: rhbz#847101

[5.0.1-0.rc2.169.el5]
- bz714766 - autofs /net maps do not refresh list of shares exported on the NFS server
- fix offset dir removal.
- Related: rhbz#714766

[5.0.1-0.rc2.168.el5]
- bz585058 - autofs5 init script times out before automount exits and incorrectly shows that autofs5 stop failed
- make autofs wait longer for shutdown.
- Resolves: rhbz#585058

[5.0.1-0.rc2.167.el5]
- bz714766 - autofs /net maps do not refresh list of shares exported on the NFS server
- fix expire race.
- fix remount deadlock.
- fix umount recovery of busy direct mount.
- fix offset mount point directory removal.
- remove move mount code.
- fix remount of multi mount.
- fix device ioctl alloc path check.
- refactor hosts lookup module.
- remove cache update from parse_mount().
- add function to delete offset cache entry.
- allow update of multi mount offset entries.
- add hup signal handling to hosts map.
- Resolves: rhbz#714766

[5.0.1-0.rc2.166.el5]
- bz826633 - autofs crashes on lookup of a key containing a backslash
- fix fix LDAP result leaks on error paths.
- fix result null check in read_one_map().
- Resolves: rhbz#826633

[5.0.1-0.rc2.165.el5]
- bz767428 - Fix autofs attempting to download entire LDAP map at startup
- always read file maps multi map fix update.
- report map not read when debug logging.
- bz690404 - RFE: timeout option cannot be configured individually with multiple direct map entries
- move timeout to map_source.
- Resolves: rhbz#767428 rhbz#690404

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected autofs package.

See Also

https://linux.oracle.com/errata/ELSA-2013-0132.html

Plugin Details

Severity: Critical

ID: 68703

File Name: oraclelinux_ELSA-2013-0132.nasl

Version: 1.11

Type: local

Agent: unix

Published: 7/12/2013

Updated: 4/29/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2012-2697

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:autofs, cpe:/o:oracle:linux:5

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 1/12/2013

Vulnerability Publication Date: 2/24/2013

Reference Information

CVE: CVE-2012-2697

BID: 57183

RHSA: 2013:0132