Back to search
CVE-2007-6285
Published: Dec 20, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2007-4707
vendor-advisory
x_refsource_FEDORA
40442
vdb-entry
x_refsource_OSVDB
FEDORA-2007-4709
vendor-advisory
x_refsource_FEDORA
28168
third-party-advisory
x_refsource_SECUNIA
28456
third-party-advisory
x_refsource_SECUNIA
RHSA-2007:1177
vendor-advisory
x_refsource_REDHAT
autofs-hostsmap-weak-securtiy(39188)
vdb-entry
x_refsource_XF
oval:org.mitre.oval:def:11457
vdb-entry
signature
x_refsource_OVAL
RHSA-2007:1176
vendor-advisory
x_refsource_REDHAT
1019137
vdb-entry
x_refsource_SECTRACK
https://bugzilla.redhat.com/show_bug.cgi?id=426218
x_refsource_MISC
26970
vdb-entry
x_refsource_BID
MDVSA-2008:009
vendor-advisory
x_refsource_MANDRIVA
28156
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now