Lucene search

[email protected]NVD:CVE-2007-5191

HistoryOct 04, 2007 - 4:17 p.m.

CVE-2007-5191

2007-10-0416:17:00

CWE-252

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

34.0%

JSON

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Affected configurations

Nvd

Node

kernelutil-linuxRange≤2.13.1.1

loop-aes-utils_projectloop-aes-utilsMatch-

Node

fedoraprojectfedoraMatch7

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch6.10

canonicalubuntu_linuxMatch7.04

Node

debiandebian_linuxMatch3.1

References

bugs.gentoo.org/show_bug.cgi?id=195390

frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198

git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

lists.vmware.com/pipermail/security-announce/2008/000002.html

secunia.com/advisories/27104

secunia.com/advisories/27122

secunia.com/advisories/27145

secunia.com/advisories/27188

secunia.com/advisories/27283

secunia.com/advisories/27354

secunia.com/advisories/27399

secunia.com/advisories/27687

secunia.com/advisories/28348

secunia.com/advisories/28349

secunia.com/advisories/28368

secunia.com/advisories/28469

security.gentoo.org/glsa/glsa-200710-18.xml

support.avaya.com/elmodocs2/security/ASA-2008-023.htm

www.debian.org/security/2008/dsa-1449

www.debian.org/security/2008/dsa-1450

www.redhat.com/support/errata/RHSA-2007-0969.html

www.securityfocus.com/archive/1/485936/100/0/threaded

www.securityfocus.com/archive/1/486859/100/0/threaded

www.securityfocus.com/bid/25973

www.securitytracker.com/id?1018782

www.ubuntu.com/usn/usn-533-1

www.vmware.com/security/advisories/VMSA-2008-0001.html

www.vupen.com/english/advisories/2007/3417

www.vupen.com/english/advisories/2008/0064

bugzilla.redhat.com/show_bug.cgi?id=320041

issues.rpath.com/browse/RPL-1757

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101

www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

34.0%

JSON

Related for NVD:CVE-2007-5191

securityvulns6 openvas14 nessus13 veracode1 fedora2 centos1 prion1 osv2 gentoo1 cve1 cvelist1 debiancve1 debian2 ubuntu1 oraclelinux1 ubuntucve1 redhat1 vmware2