
Journal Sillygates's Journal: Zeroday privilege escalation exploit In RedHat Linux

After fooling around with one of my freshly installed, fully patched Fedora Linux systems, I found a serious flaw in autofs's configuration file, which can lead to a local user gaining root access without a password in an "out of the box" install.

After looking further into the problem, I realized that this configuration vulnerability also affects a default load of CentOS 5 (which is a direct clone of RHEL 5, RedHat's current enterprise Linux platform). Coupled with a common PHP script vulnerability, this flaw might even open the door for arbitrary code to be executed as root, from remote, on a webserver.

While /net seems like a nice little feature, it allows any user, with minimal access on a system, to mount remote NFS filesystems. Is that really the type of power sysadmins need to give to their users?
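A defensive check for the /net configuration described above, added here as an example and not part of the original journal entry: it parses an auto.master file and reports every `-hosts` map (the map behind /net) that is mounted without `nosuid` and `nodev`. The sample file contents and the choice of `nosuid,nodev` as the hardening baseline are assumptions of this example; the post itself does not name a fix.

```python
import os

# Constructed sample resembling a stock auto.master (not copied from any system).
SAMPLE_AUTO_MASTER = """\
# Sample auto.master (constructed for this example)
/misc   /etc/auto.misc
/net    -hosts
+auto.master
"""

# Assumption of this example: mount options a -hosts map should carry.
REQUIRED = {"nosuid", "nodev"}

def parse_master(text):
    """Yield (mount_point, map_name, options) for each auto.master entry."""
    joined = text.replace("\\\n", " ")           # honour line continuations
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("+"):     # skip blanks and map includes
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        opts = set()
        for field in fields[2:]:                 # e.g. "-nosuid,nodev" "--timeout=60"
            opts.update(o for o in field.lstrip("-").split(",") if o)
        yield fields[0], fields[1], opts

def audit(text):
    """Return [(mount_point, missing_options)] for -hosts maps lacking REQUIRED."""
    findings = []
    for mount_point, map_name, opts in parse_master(text):
        if map_name != "-hosts":
            continue
        missing = sorted(REQUIRED - opts)
        if missing:
            findings.append((mount_point, missing))
    return findings

if __name__ == "__main__":
    path = "/etc/auto.master"
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_AUTO_MASTER                # fall back to the constructed sample
    for mount_point, missing in audit(text):
        print(f"{mount_point}: -hosts map without {','.join(missing)}")
```

A finding can be cleared either by commenting out the `/net` entry, if host-keyed automounts are not needed, or by appending the missing options to it, followed by a reload of autofs.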