SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2007-5191

Date: (C)2007-10-04 (M)2023-12-22

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Reference:

SECTRACK-1018782

http://www.securityfocus.com/archive/1/485936/100/0/threaded

http://www.securityfocus.com/archive/1/486859/100/0/threaded

FEDORA-2007-2462

SUSE-SR:2007:022

http://lists.vmware.com/pipermail/security-announce/2008/000002.html

http://bugs.gentoo.org/show_bug.cgi?id=195390

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm

http://www.vmware.com/security/advisories/VMSA-2008-0001.html

https://bugzilla.redhat.com/show_bug.cgi?id=320041

https://issues.rpath.com/browse/RPL-1757

oval:org.mitre.oval:def:10101

cpe:/o:fedoraproject:fedora:7
cpe:/o:canonical:ubuntu_linux:7.04
cpe:/o:canonical:ubuntu_linux:6.06
cpe:/o:debian:debian_linux:3.1
...

oval:org.mitre.oval:def:8090
oval:org.mitre.oval:def:7851

© SecPod Technologies