Debian Autofs vulnerabilities

CVE-2014-8169 [MEDIUM] CVE-2014-8169: autofs - automount 5.0.8, when a program map uses certain interpreted languages, uses the... automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory. Scope: local bookworm: resolved (fixed in 5.0.8-2) bullseye: reso

CVE-2012-2697 [MEDIUM] CVE-2012-2697: autofs - Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) ... Unspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map." Scope: local bookworm: resolved (fixed in 5.0.6-1) bullseye: resolved (fixed in 5.0.6-1) forky: resolv

CVE-2007-5964 [MEDIUM] CVE-2007-5964: autofs - The default configuration of autofs 5 in some Linux distributions, such as Red H... The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server. Scope: local bookworm: resolved (fixed in 3.1.4-8) bullseye: resolved (fixed in 3.1.4-8) forky: resolved (fix

CVE-2007-6285 [MEDIUM] CVE-2007-6285: autofs - The default configuration for autofs 5 (autofs5) in some Linux distributions, su... The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device. Scop