CVE-2007-5191
Published Oct 4, 2007
Last updated a year ago
Overview
- Description
- mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-252
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatUpdates are available to address this issue: https://rhn.redhat.com/errata/RHSA-2007-0969.html
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2B105D8-DD99-4578-9F97-E986A8610945",
"versionEndIncluding": "2.13.1.1"
},
{
"criteria": "cpe:2.3:a:loop-aes-utils_project:loop-aes-utils:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD8AEBA1-599C-44DB-96A9-1AD8E73376A1"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3EFD171-01F7-450B-B6F3-0F7E443A2337"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"
}
],
"operator": "OR"
}
]
}
]