CVE-2007-6283

2007-12-1801:46:00

CWE-200

[email protected]

web.nvd.nist.gov

red hat

enterprise linux

fedora

bind

rndc.key

permissions

vulnerability

nvd

5.8 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

29.2%

JSON

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq5.0
fedoraproject:fedora_corefedoraproject fedora coreeq*
oracle:linuxoracle linuxeq5.0
centos:centoscentoseq5
redhat:enterprise_linux_serverredhat enterprise linux servereq5.0
redhat:enterprise_linux_for_power_big_endianredhat enterprise linux for power big endianeq5.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq5.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq5.0
redhat:enterprise_linux_for_ibm_z_systemsredhat enterprise linux for ibm z systemseq5.0_s390x

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	5.0
fedoraproject:fedora_core	fedoraproject fedora core	eq	*
oracle:linux	oracle linux	eq	5.0
centos:centos	centos	eq	5
redhat:enterprise_linux_server	redhat enterprise linux server	eq	5.0
redhat:enterprise_linux_for_power_big_endian	redhat enterprise linux for power big endian	eq	5.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	5.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	5.0
redhat:enterprise_linux_for_ibm_z_systems	redhat enterprise linux for ibm z systems	eq	5.0_s390x