CVE-2007-6285

Name of the Vulnerable Software and Affected Versions: autofs5 versions 5.0.1 Red Hat Enterprise Linux versions 4 and 5

Description: The issue affects the default configuration of autofs5 in certain Linux distributions, including Red Hat Enterprise Linux. It allows local users to access sensitive devices by operating a remote NFS server and creating special device files on that server. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally.

Recommendations: For autofs5 version 5.0.1, consider adding the nodev mount option for the -hosts map to prevent local users from accessing sensitive devices. For Red Hat Enterprise Linux versions 4 and 5, update the autofs5 configuration to include the nodev mount option for the -hosts map. As a temporary workaround, consider restricting access to the autofs5 service until a patch is available.