CVE-2007-5191

critical

Description

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

References

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101

https://bugzilla.redhat.com/show_bug.cgi?id=320041

http://www.vupen.com/english/advisories/2008/0064

http://www.vupen.com/english/advisories/2007/3417

http://www.vmware.com/security/advisories/VMSA-2008-0001.html

http://www.ubuntu.com/usn/usn-533-1

http://www.securitytracker.com/id?1018782

http://www.securityfocus.com/bid/25973

http://www.securityfocus.com/archive/1/486859/100/0/threaded

http://www.securityfocus.com/archive/1/485936/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2007-0969.html

http://www.debian.org/security/2008/dsa-1450

http://www.debian.org/security/2008/dsa-1449

http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm

http://security.gentoo.org/glsa/glsa-200710-18.xml

http://secunia.com/advisories/28469

http://secunia.com/advisories/28368

http://secunia.com/advisories/28349

http://secunia.com/advisories/28348

http://secunia.com/advisories/27687

http://secunia.com/advisories/27399

http://secunia.com/advisories/27354

http://secunia.com/advisories/27283

http://secunia.com/advisories/27188

http://secunia.com/advisories/27145

http://secunia.com/advisories/27122

http://secunia.com/advisories/27104

http://lists.vmware.com/pipermail/security-announce/2008/000002.html

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198

http://bugs.gentoo.org/show_bug.cgi?id=195390

Details

Source: Mitre, NVD

Published: 2007-10-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical