Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2007-5191
Last Modified 07 Mar 2011 12:00:00
Published 04 Oct 2007 12:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5191

Summary

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Vulnerable Systems

Application

  • Andries Brouwer Util-linux

  • Debian Loop-aes Team Loop-aes-utils


References

CONFIRM - http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e

FEDORA - FEDORA-2007-2462

CONFIRM - https://issues.rpath.com/browse/RPL-1757

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=320041

VUPEN - ADV-2008-0064

VUPEN - ADV-2007-3417

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0001.html

UBUNTU - USN-533-1

SECTRACK - 1018782

BID - 25973

BUGTRAQ - 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

BUGTRAQ - 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

REDHAT - RHSA-2007:0969

DEBIAN - DSA-1450

DEBIAN - DSA-1449

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm

GENTOO - GLSA-200710-18

SECUNIA - 28469

SECUNIA - 28368

SECUNIA - 28349

SECUNIA - 28348

SECUNIA - 27687

SECUNIA - 27399

SECUNIA - 27354

SECUNIA - 27283

SECUNIA - 27188

SECUNIA - 27145

SECUNIA - 27122

SECUNIA - 27104

MLIST - [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

SUSE - SUSE-SR:2007:022

MANDRIVA - MDKSA-2007:198

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=195390


Last Updated: 27 May 2016 10:46:06