CVE-2007-1507

2007-03-20T06:19:00
ID CVE-2007-1507
Type cve
Reporter NVD
Modified 2017-07-28T21:30:48

Description

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.