CVE-2024-34477

Name of the Vulnerable Software and Affected Versions FOG versions 1.5.10 and earlier

Description The issue allows local users to gain privileges by mounting a crafted NFS share due to the lack of no root squash and insecure settings. To exploit this, an attacker must mount an NFS share and add an executable file as root, then add the SUID bit to this file.

Recommendations For FOG versions 1.5.10 and earlier, consider disabling the configureNFS function in lib/common/functions.sh until a patch is available to prevent local users from gaining privileges. Restrict access to mounting NFS shares to minimize the risk of exploitation. Avoid using the SUID bit on executable files in the affected NFS share until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.