Oracle Linux 6 : autofs (ELSA-2015-1344)

high Nessus Plugin ID 85100

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2015-1344 advisory.

[5.0.5-113.0.1]
- add autofs-5.0.5-lookup-mounts.patch [Orabug:12658280] (Bert Barbe) use tcp instead of udp

[5.0.5-113]
- bz1201195 - autofs: MAPFMT_DEFAULT is not macro in lookup_program.c
- fix macro usage in lookup_program.c.
- Resolves: rhbz#1201195

[5.0.5-112]
- bz1124083 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate exports in the NFS server
- fix use after free in patch to handle duplicate in multi mounts.
- change log messages to try and make them more sensible.
- fix log entry for rev 5.0.5-111 below.
- Related: rhbz#1124083

[5.0.5-111]
- bz1153130 - autofs-5.0.5-109 with upgrade to RHEL 6.6 no longer recognizes +yp: in auto.master
- fix fix master map type check.
- bz1156387 - autofs /net maps do not refresh list of shares exported on the NFS server
- fix typo in update_hosts_mounts().
- fix hosts map update on reload.
- bz1160446 - priv escalation via interpreter load path for program based automount maps
- add a prefix to program map stdvars.
- add config option to force use of program map stdvars.
- bz1175671 - automount segment fault in parse_sun.so for negative parser tests
- fix incorrect check in parse_mount().
- bz1124083 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate exports in the NFS server
- fix fix map entry duplicate offset detection (dependent patch).
- handle duplicates in multi mounts.
- Resolves: rhbz#1153130 rhbz#1156387 rhbz#1160446 rhbz#1175671 rhbz#1124083

[5.0.5-110]
- bz1163957 - Autofs unable to mount indirect after attempt to mount wildcard
- make negative cache update consistent for all lookup modules.
- ensure negative cache isn't updated on remount.
- don't add wildcard to negative cache.
- Resolves: rhbz#1163957

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected autofs package.

See Also

https://linux.oracle.com/errata/ELSA-2015-1344.html

Plugin Details

Severity: High

ID: 85100

File Name: oraclelinux_ELSA-2015-1344.nasl

Version: 2.9

Type: local

Agent: unix

Published: 7/30/2015

Updated: 4/29/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-8169

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:autofs, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 7/29/2015

Vulnerability Publication Date: 3/18/2015

Reference Information

CVE: CVE-2014-8169

BID: 73211

RHSA: 2015:1344