CVE-2007-6285
Description
Autofs5 default configuration omits nodev mount option for -hosts map, allowing local users to access sensitive devices via a malicious NFS server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In autofs5 versions as shipped with Red Hat Enterprise Linux 4 and 5, the default configuration for the -hosts map does not include the nodev mount option [1][2]. This allows a remote NFS server to present special device files (e.g., /dev/mem) within the exported filesystem.
Exploitation
A local user on the autofs client can mount an NFS share from a remote server under the /net directory, because autofs mounts the share automatically when the path is accessed. By operating a malicious NFS server that exports a filesystem containing device nodes, the attacker can access those devices on the client.
Impact
Successful exploitation grants the local user access to sensitive devices such as /dev/mem, potentially allowing them to read kernel memory, escalate privileges, or corrupt system memory [3]. This is a privilege escalation vulnerability.
Mitigation
Red Hat has issued updates: RHSA-2007-1177 for RHEL 4 and RHSA-2007-1176 for RHEL 5 [1][2]. The fix modifies the default autofs configuration to include the nodev option. Alternatively, administrators can manually add nodev to the -hosts map options in /etc/autofs/auto.master or /etc/auto.master.
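The manual mitigation above can be checked with a short audit of the master map. This is an added example, not code from Red Hat or from this page; it assumes entries of the form `mount-point -hosts [options]` with comma-separated mount options written with or without a leading dash, and the function name and sample map are constructed for illustration.

```python
import os

# Constructed sample master map (not taken from any real system).
SAMPLE = """\
# constructed sample master map
/misc   /etc/auto.misc  --timeout=60
/net    -hosts
/net2   -hosts  -nosuid,nodev
/net3   -hosts  -nodev,dev   # a later 'dev' cancels nodev
+auto.master
"""

def audit_master_map(text):
    """Return [(line_no, mount_point)] for -hosts entries not mounted nodev."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("+"):     # skip blanks and map includes
            continue
        fields = line.split()
        if len(fields) < 2 or fields[1] != "-hosts":
            continue
        nodev = False                            # no option given means devices allowed
        for token in fields[2:]:
            for opt in token.lstrip("-").split(","):
                if opt == "nodev":
                    nodev = True
                elif opt == "dev":               # last option wins, as with mount -o
                    nodev = False
        if not nodev:
            findings.append((line_no, fields[0]))
    return findings

if __name__ == "__main__":
    # Paths named in the mitigation text; fall back to the constructed sample.
    paths = [p for p in ("/etc/autofs/auto.master", "/etc/auto.master")
             if os.path.isfile(p)]
    sources = [(p, open(p).read()) for p in paths] or [("<sample>", SAMPLE)]
    for name, text in sources:
        for line_no, mount_point in audit_master_map(text):
            print(f"{name}:{line_no}: {mount_point} uses -hosts without nodev")
```

The script inspects only options written in the master map, so an entry it flags on an updated system still needs to be compared against the installed autofs package's defaults.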
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
References
- secunia.com/advisories/28156 (nvd, Vendor Advisory)
- secunia.com/advisories/28168 (nvd, Vendor Advisory)
- secunia.com/advisories/28456 (nvd, Vendor Advisory)
- osvdb.org/40442 (nvd)
- rhn.redhat.com/errata/RHSA-2007-1176.html (nvd)
- rhn.redhat.com/errata/RHSA-2007-1177.html (nvd)
- securitytracker.com/id (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.securityfocus.com/bid/26970 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/39188 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11457 (nvd)
- www.redhat.com/archives/fedora-package-announce/2007-December/msg00726.html (nvd)
- www.redhat.com/archives/fedora-package-announce/2007-December/msg00732.html (nvd)