Lucene search

[email protected]CVE-2007-5194

HistoryOct 04, 2007 - 5:17 p.m.

CVE-2007-5194

2007-10-0417:17:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2007-5194

chroot server

rmake 1.0.11

device file

permissions

local users

root privileges

nvd

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.

Affected configurations

NVD

Node

rpathrmakeMatch1.0.11

CPENameOperatorVersion
rpath:rmakerpath rmakeeq1.0.11

CPE	Name	Operator	Version
rpath:rmake	rpath rmake	eq	1.0.11

References

secunia.com/advisories/27030

www.securityfocus.com/archive/1/481395/100/0/threaded

www.securityfocus.com/bid/25899

bugs.gentoo.org/show_bug.cgi?id=194550

issues.rpath.com/browse/RMK-634

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-5194

nvd1 prion1 cvelist1