CVE-2007-1507
Published Mar 20, 2007
Last updated 7 years ago
Overview
- Description
- The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-16
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0F37635-C186-4D06-A79C-2A7AB0CFBAD9"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89E75B7E-B38C-48AD-B04F-BD705AFF2907"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F38E889-0CC0-49E1-9B6C-90D4176C06C6"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB1364B7-D564-4385-B7D7-67184E474712"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA3D7891-0B48-4C5D-B74B-6810FB4696F4"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "382FC10C-4C00-438C-89AD-7D68C5D27873"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77564116-CF64-4D8D-BA54-A8E9BCA95EDD"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "237C1DCE-D907-4552-9EC0-05209A64D0E9"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC82946D-1211-4382-8D48-5F5B55E4DF35"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06DA2004-0A16-4D10-82FF-6CB2AC578331"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E4D5363-E9B9-4B60-9B22-F6FDF3DCA6DD"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C1538B29-860C-4FF4-A807-46509FBFEC2B"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F81B547-2DE0-4707-94B6-1878E820883C"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD9FD959-477E-4DF1-A115-D59D21EB0568"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25AA0ACE-A8C6-4234-8EE2-F52438B6F472"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1E141BE-9ECF-4275-BFBD-E3DBF7D86A39"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C85F39C-C8D3-4493-8432-5EE3FB231BE9"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C158198E-8D22-41A8-8C24-8ABBE3354F33"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F377FB25-17B5-48A8-BC3C-3E99649C429E"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA4033D1-2374-429D-8927-F51EDC24E96B"
},
{
"criteria": "cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39308049-0C20-4845-9803-529A85CB9682"
}
],
"operator": "OR"
}
]
}
]