CVE-2007-6283: Infoleak
First published: Tue Dec 18 2007(Updated: )
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fedora Core | ||
| Red Hat Enterprise Linux | =5.0 | |
| Oracle Linux | =5.0 | |
| CentOS | =5 | |
| Red Hat Enterprise Linux Desktop | =5.0 | |
| Red Hat Enterprise Linux for IBM Z Systems | =5.0_s390x | |
| Red Hat Enterprise Linux for Power, big endian | =5.0 | |
| Red Hat Enterprise Linux Server | =5.0 | |
| Red Hat Enterprise Linux Workstation | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html
- http://secunia.com/advisories/28180
- http://www.redhat.com/support/errata/RHSA-2008-0300.html
- http://secunia.com/advisories/30313
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9977
Frequently Asked Questions
What is the severity of CVE-2007-6283?
CVE-2007-6283 has a moderate severity level due to the risk of unauthorized access and denial of service by local users.
How do I fix CVE-2007-6283?
To fix CVE-2007-6283, change the permissions of the /etc/rndc.key file to restrict access to authorized users only.
Which systems are affected by CVE-2007-6283?
CVE-2007-6283 affects Red Hat Enterprise Linux 5, Fedora Core, CentOS 5, and Oracle Linux 5.
What impact does CVE-2007-6283 have on affected systems?
CVE-2007-6283 allows local users to execute unauthorized named commands, potentially leading to a denial of service.
Is there a patch available for CVE-2007-6283?
Yes, patches are available through the system's package manager for affected versions of the software.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/fedoraproject
- canonical/fedora core
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/5.0
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/5.0
- vendor/centos
- canonical/centos
- version/centos/5
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/5.0
- canonical/red hat enterprise linux for ibm z systems
- version/red hat enterprise linux for ibm z systems/5.0_s390x
- canonical/red hat enterprise linux for power, big endian
- version/red hat enterprise linux for power, big endian/5.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/5.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/5.0