CVE-2007-6285: Red Hat Enterprise Linux vulnerability

CWE-16 | 5 documents | 5 sources
Severity
6.2 MEDIUM (NVD)
EPSS
0.1%
top 74.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 20
Latest update: May 1

Description

The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.

CVSS vector

AV:L/AC:H/C:C/I:C/A:C
Exploitability: 1.9 | Impact: 10.0

Affected Packages (1 package)

debian: debian/autofs

Also affects: Enterprise Linux 4.0, 5.0

🔴Vulnerability Details

1
GHSA
GHSA-prgm-j9hg-36mh: The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the no | 2022-05-01

📋Vendor Advisories

2
Red Hat
autofs default doesn't set nodev in /net | 2007-12-20
Debian
CVE-2007-6285: autofs - The default configuration for autofs 5 (autofs5) in some Linux distributions, su... | 2007

💬Community

1
Bugzilla
CVE-2007-6285 autofs default doesn't set nodev in /net | 2007-12-19