Lucene search

[email protected]CVE-2007-0536

HistoryJan 27, 2007 - 12:28 a.m.

CVE-2007-0536

2007-01-2700:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0536

chroot helper

rmake

rpath linux 1

insecure permissions

local users

gain privileges

nvd

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.

CPENameOperatorVersion
rpath:rpath_linuxrpath rpath linuxeq1

CPE	Name	Operator	Version
rpath:rpath_linux	rpath rpath linux	eq	1

References

lists.rpath.com/pipermail/security-announce/2007-January/000137.html

osvdb.org/32972

secunia.com/advisories/23922

exchange.xforce.ibmcloud.com/vulnerabilities/31942

issues.rpath.com/browse/RPL-987

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2007-0536

prion2 cve1 securityvulns1