Description

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.

INFO

Published Date :

2024-05-27T14:00:07.313Z

Last Modified :

2025-02-13T15:53:26.010Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34477 vulnerability.

Vendors Products
Fogproject
  • Fogproject
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34477.

URL Resource
https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html cve-icon cve-icon
https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability cve-icon cve-icon
https://github.com/FOGProject/fogproject/blob/a4bb1bf39ac53c3cbe623576915fbc3b5c80a00f/lib/common/functions.sh#L1360 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact