Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.2
CVE Id CVE-2007-6285
Last Modified 16 Nov 2010 12:00:00
Published 20 Dec 2007 05:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2007-6285

Summary

The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.

Vulnerable Systems

Operating System

  • Red Hat Enterprise Linux 4.0

  • Red Hat Enterprise Linux 5.0


References

FEDORA - FEDORA-2007-4709

FEDORA - FEDORA-2007-4707

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=426218

XF - autofs-hostsmap-weak-security(39188)

BID - 26970

MANDRIVA - MDVSA-2008:009

SECTRACK - 1019137

SECUNIA - 28456

SECUNIA - 28168

SECUNIA - 28156

REDHAT - RHSA-2007:1177

REDHAT - RHSA-2007:1176

OSVDB - 40442


Last Updated: 27 May 2016 10:46:26