CVE-2007-6285

Name: CVE-2007-6285
Creator: NVD / NIST
Published: 2007-12-20T22:46:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.36%

Last modified Jun 16, 2026

CVE-2007-6285 is a vulnerability of currently unknown severity. The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.

Description

The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.

Metrics

EPSS Probability

0.36%

27.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-16

Affected Software

Vendor	Product	Versions
Redhat	Enterprise Linux	4.0
Redhat	Enterprise Linux	5.0

References

Timeline

Published: Dec 20, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-6285?

How severe is CVE-2007-6285?

Severity scoring for CVE-2007-6285 is pending analysis. The EPSS model estimates a 0.36% probability of exploitation in the next 30 days.

How do I fix CVE-2007-6285?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-6285?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST