[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-6285Date: (C)2007-12-20   (M)2023-12-22


The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.2
Exploit Score: 1.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1019137
BID-26970
SECUNIA-28156
SECUNIA-28168
SECUNIA-28456
OSVDB-40442
FEDORA-2007-4707
FEDORA-2007-4709
MDVSA-2008:009
RHSA-2007:1176
RHSA-2007:1177
autofs-hostsmap-weak-securtiy(39188)
https://bugzilla.redhat.com/show_bug.cgi?id=426218
oval:org.mitre.oval:def:11457

CPE    2
cpe:/o:redhat:enterprise_linux:4.0
cpe:/o:redhat:enterprise_linux:5.0
CWE    1
CWE-16
OVAL    2
oval:org.secpod.oval:def:301274
oval:org.secpod.oval:def:301391

© SecPod Technologies