CVE-2024-34477

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34477
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34477.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-34477
Published
2024-05-27T14:15:09Z
Modified
2025-01-08T09:52:28.116146Z
Summary
[none]
Details

configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of norootsquash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.

References

Affected packages

Git / github.com/fogproject/fogproject

Affected ranges

Type
GIT
Repo
https://github.com/fogproject/fogproject
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

1.*

1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.1
1.5.10
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.5.9-RC1
1.5.9-RC2