Automountd Service Running - Privilege Escalation Risk

漏洞信息

漏洞名称： Automountd Service Running - Privilege Escalation Risk

漏洞类型： 权限提升

漏洞等级： 高危

漏洞描述： 该漏洞涉及Linux系统中的automountd服务，该服务用于自动挂载文件系统，常见于需要频繁访问远程文件系统的企业环境中。由于automountd服务在运行时存在配置不当的问题，本地攻击者可以利用自动挂载选项执行任意命令，从而获得root权限。这种配置错误可能导致本地权限提升，严重威胁系统安全。漏洞的技术根源在于automountd服务对挂载选项的处理不当，未能充分验证和限制用户提供的挂载参数，使得攻击者能够注入恶意命令。此漏洞的影响极为严重，因为它允许本地用户无需任何认证即可提升至最高权限，进而完全控制系统。攻击者可以利用此漏洞进行数据泄露、服务中断或其他恶意活动。由于漏洞利用条件简单且自动化工具易于开发，该漏洞被评级为高危。

产品名称： automountd

来源： https://github.com/projectdiscovery/nuclei-templates/blob/1dc5e4c5a7e3689548a72d7cb2a00b803fccc824/misconfiguration%2Flinux%2Flinux-automountd-enabled.yaml

类型： projectdiscovery/nuclei-templates:github issues

POC详情

id: linux-automountd-enabled

info:
  name: Automountd Service Running - Privilege Escalation Risk
  author: songyaeji
  severity: high
  description: >
    If the automountd service is enabled, a local attacker may execute arbitrary commands using root privileges
    by exploiting automatic mount options. This misconfiguration can lead to local privilege escalation.
  reference:
    - https://isms.kisa.or.kr
    - Cloud Vulnerability Assessment Guide(2024) by KISA
  tags: linux,automountd,service,privilege-escalation,misconfiguration,local
  metadata:
    verified: true
    os: linux
    max-request: 1
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
    cwe-id: CWE-269

self-contained: true

code:
  - engine:
      - bash
    source: |
      if ps -ef | grep -v grep | grep -q automountd; then
        echo "[VULNERABLE] automountd service is running"
      else
        echo "[SAFE] automountd service is not running"
      fi
    matchers:
      - type: word
        part: code_1_response
        words:
          - "[VULNERABLE] automountd service is running"