CVE-2007-6283 — Sensitive Information Exposure in Oracle Linux

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 67.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Centos Oracle Linux Redhat Enterprise Linux +5 more

Timeline

PublishedDec 18

Latest updateMay 1

Description

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages5 packages

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

▶NVDredhat/enterprise_linux_workstation5.0

▶NVDoracle/linux5.0

▶NVDcentos/centos5

Also affects: Enterprise Linux 5.0

🔴Vulnerability Details

GHSA

GHSA-xhpj-pmgj-xvwg: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc↗2022-05-01

▶

CVEList

CVE-2007-6283: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc↗2007-12-18

▶

📋Vendor Advisories

Red Hat

bind: /etc/rndc.key has 644 permissions by default↗2007-12-13

▶

Debian

CVE-2007-6283: bind9 - Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with w...↗2007

▶

💬Community

Bugzilla

CVE-2007-6283 bind: /etc/rndc.key has 644 permissions by default↗2007-12-11

▶