Vulnerability Description
Red Hat Enterprise Linux 5 and Fedora install the BIND /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedora Project | Fedora Core | All versions |
| Red Hat | Enterprise Linux | 5.0 |
| Oracle | Linux | 5.0 |
| CentOS | CentOS | 5 |
| Red Hat | Enterprise Linux Desktop | 5.0 |
| Red Hat | Enterprise Linux for IBM Z Systems | 5.0_s390x |
| Red Hat | Enterprise Linux for Power Big Endian | 5.0 |
| Red Hat | Enterprise Linux Server | 5.0 |
| Red Hat | Enterprise Linux Workstation | 5.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28180 (Third Party Advisory)
- http://secunia.com/advisories/30313 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2008-0300.html (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283 (Issue Tracking, Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Third Party Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.h (Vendor Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.h (Vendor Advisory)
FAQ
What is CVE-2007-6283?
CVE-2007-6283 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Red Hat Enterprise Linux 5 and Fedora install the BIND /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of ...
How severe is CVE-2007-6283?
CVE-2007-6283 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-6283?
Check the references section above for vendor advisories and patch information. Affected products include: Fedora Project Fedora Core, Red Hat Enterprise Linux, Oracle Linux, CentOS, Red Hat Enterprise Linux Desktop.