CVE-2007-5191 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5191
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5191

Description: mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-533-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html ST 1018782 SAID Secunia Advisory: SA27687 Secunia Advisory: SA27354 Secunia Advisory: SA27283 Secunia Advisory: SA27122 Secunia Advisory: SA27188 Secunia Advisory: SA27104 Secunia Advisory: SA27145 Secunia Advisory: SA27399 Secunia Advisory: SA28348 Secunia Advisory: SA28349 Secunia Advisory: SA28368 Secunia Advisory: SA28469 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0969.html MLIST http://lists.vmware.com/pipermail/security-announce/2008/000002.html MANDRIVA http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198 GENTOO http://security.gentoo.org/glsa/glsa-200710-18.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1449 http://www.debian.org/security/2008/dsa-1450 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=195390 http://www.vmware.com/security/advisories/VMSA-2008-0001.html http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded BID 25973

Return to the previous page.