Vulnerability Details : CVE-2007-6285
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.
Products affected by CVE-2007-6285
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6285
- 0.04%: probability of exploitation activity in the next 30 days
- ~8%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6285
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C | 1.9 | 10.0 | NIST | |
CWE ids for CVE-2007-6285
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6285
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00732.html
- http://securitytracker.com/id?1019137
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00726.html
- http://rhn.redhat.com/errata/RHSA-2007-1176.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11457
- https://bugzilla.redhat.com/show_bug.cgi?id=426218
- http://rhn.redhat.com/errata/RHSA-2007-1177.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39188
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:009 (Mandriva)
- http://www.securityfocus.com/bid/26970