Vulnerability CVE-2007-5191: Information

Description

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Severity: HIGH (7.2)

Published: Oct. 4, 2007
Modified: Nov. 7, 2023
Error type identifier: CWE-252

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://issues.rpath.com/browse/RPL-1757
  • Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=320041
  • Issue Tracking
  • Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=195390
  • Issue Tracking
  • Third Party Advisory
FEDORA-2007-2462
  • Third Party Advisory
GLSA-200710-18
  • Third Party Advisory
MDKSA-2007:198
  • Third Party Advisory
RHSA-2007:0969
  • Third Party Advisory
SUSE-SR:2007:022
  • Mailing List
  • Third Party Advisory
USN-533-1
  • Third Party Advisory
25973
  • Third Party Advisory
  • VDB Entry
1018782
  • Third Party Advisory
  • VDB Entry
27104
  • Third Party Advisory
27145
  • Third Party Advisory
27188
  • Third Party Advisory
27122
  • Third Party Advisory
27283
  • Third Party Advisory
27354
  • Third Party Advisory
27687
  • Third Party Advisory
27399
  • Third Party Advisory
DSA-1449
  • Third Party Advisory
DSA-1450
  • Third Party Advisory
28348
  • Third Party Advisory
28349
  • Third Party Advisory
[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
  • Third Party Advisory
28368
  • Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm
  • Third Party Advisory
28469
  • Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
  • Third Party Advisory
ADV-2007-3417
  • Third Party Advisory
ADV-2008-0064
  • Third Party Advisory
oval:org.mitre.oval:def:10101
  • Third Party Advisory
20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
  • Third Party Advisory
  • VDB Entry
20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
  • Third Party Advisory
  • VDB Entry
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

Configuration 1

cpe:2.3:a:kernel:util-linux:*:*:*:*:*:*:*:*
  End including: 2.13.1.1

cpe:2.3:a:loop-aes-utils_project:loop-aes-utils:-:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*