Oracle Linux 7 : autofs (ELSA-2015-2417)

Severity: High. Nessus Plugin ID 87040

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2015-2417 advisory.

[5.0.7-54.0.1]
- add autofs-5.0.5-lookup-mounts.patch [Orabug:12658280] (Bert Barbe)

[1:5.0.7-54]
- bz1263508 - Heavy program map usage can lead to a hang
- fix out of order call in program map lookup.
- Resolves: rhbz#1263508

[1:5.0.7-53]
- bz1238573 - RFE: autofs MAP_HASH_TABLE_SIZE description
- update map_hash_table_size description.
- Resolves: rhbz#1238573

[1:5.0.7-52]
- bz1233069 - Direct map does not expire if map is initially empty
- update patch to fix expiry problem.
- Related: rhbz#1233069

[1:5.0.7-51]
- bz1233065 - 'service autofs reload' does not reload new mounts only when 'sss' or 'ldap' is used in the '/etc/nsswitch.conf' file
- init qdn before use in get_query_dn().
- fix left mount count return from umount_multi_triggers().
- fix return handling in sss lookup module.
- move query dn calculation from do_bind() to do_connect().
- make do_connect() return a status.
- make connect_to_server() return a status.
- make find_dc_server() return a status.
- make find_server() return a status.
- fix return handling of do_reconnect() in ldap module.
- bz1233067 - autofs is performing excessive direct mount map re-reads
- fix direct mount stale instance flag reset.
- bz1233069 - Direct map does not expire if map is initially empty
- fix direct map expire not set for initial empty map.
- Resolves: rhbz#1233065 rhbz#1233067 rhbz#1233069

[1:5.0.7-50]
- bz1218045 - Similar but unrelated NFS exports block proper mounting of 'parent' mount point
- remove unused offset handling code.
- fix mount as you go offset selection.
- Resolves: rhbz#1218045

[1:5.0.7-49]
- bz1166457 - Autofs unable to mount indirect after attempt to mount wildcard
- make negative cache update consistent for all lookup modules.
- ensure negative cache isn't updated on remount.
- don't add wildcard to negative cache.
- bz1162041 - priv escalation via interpreter load path for program based automount maps
- add a prefix to program map stdvars.
- add config option to force use of program map stdvars.
- bz1161474 - automount segment fault in parse_sun.so for negative parser tests
- fix incorrect check in parse_mount().
- bz1205600 - Autofs stopped mounting /net/hostname/mounts after seeing duplicate exports in the NFS server
- handle duplicates in multi mounts.
- bz1201582 - autofs: MAPFMT_DEFAULT is not a macro in lookup_program.c
- fix macro usage in lookup_program.c.
- Resolves: rhbz#1166457 rhbz#1162041 rhbz#1161474 rhbz#1205600 rhbz#1201582

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected autofs package.

See Also

https://linux.oracle.com/errata/ELSA-2015-2417.html

Plugin Details

Severity: High

ID: 87040

File Name: oraclelinux_ELSA-2015-2417.nasl

Version: 1.9

Type: local

Agent: unix

Published: 11/24/2015

Updated: 4/29/2025

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-8169

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:autofs, cpe:/o:oracle:linux:7

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/23/2015

Vulnerability Publication Date: 3/18/2015

Reference Information

CVE: CVE-2014-8169

RHSA: 2015:2417