CVE-2007-6283 : Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with w

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

Published 2007-12-18 01:46:00

Updated 2022-02-25 19:06:21

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of serviceInformation leak

Products affected by CVE-2007-6283

Redhat » Enterprise Linux » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Big Endian » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 5.0 S390x
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:5.0_s390x:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 5.0
cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora Core
cpe:2.3:o:fedoraproject:fedora_core:*:*:*:*:*:*:*:*
Matching versions
Centos » Centos » Version: 5
cpe:2.3:o:centos:centos:5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2007-6283

EPSS FAQ

0.10%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 25 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-6283

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2007-6283

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2007-6283

Red Hat 2008-05-21

An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0300.html

References for CVE-2007-6283

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9977

Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html

Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0300.html

Support
Vendor Advisory

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html

Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283

Issue Tracking;Vendor Advisory