Vulnerability CVE-2007-5191


Published: 2007-10-04   Modified: 2012-02-12

Description:
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Debian loop-aes team -> Loop-aes-utils 
Andries brouwer -> Util-linux 

 References:
http://bugs.gentoo.org/show_bug.cgi?id=195390
http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://security.gentoo.org/glsa/glsa-200710-18.xml
http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm
http://www.debian.org/security/2008/dsa-1449
http://www.debian.org/security/2008/dsa-1450
http://www.redhat.com/support/errata/RHSA-2007-0969.html
http://www.securityfocus.com/archive/1/485936/100/0/threaded
http://www.securityfocus.com/archive/1/486859/100/0/threaded
http://www.securityfocus.com/bid/25973
http://www.securitytracker.com/id?1018782
http://www.ubuntu.com/usn/usn-533-1
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://www.vupen.com/english/advisories/2007/3417
http://www.vupen.com/english/advisories/2008/0064
https://bugzilla.redhat.com/show_bug.cgi?id=320041
https://issues.rpath.com/browse/RPL-1757
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html

Copyright 2021, cxsecurity.com

 

Back to Top