| Vulnerability Name: | CVE-2007-0536 (CCN-31942) | ||||||||
| Assigned: | 2007-01-25 | ||||||||
| Published: | 2007-01-25 | ||||||||
| Updated: | 2017-07-29 | ||||||||
| Summary: | The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Jan 25 2007 - 17:15:21 CST rPSA-2007-0020-1 rmake Source: CCN Type: Full-Disclosure Mailing List, Mon Jan 29 2007 - 16:24:31 CST rPSA-2007-0020-2 rmake Source: MITRE Type: CNA CVE-2007-0536 Source: CONFIRM Type: UNKNOWN http://lists.rpath.com/pipermail/security-announce/2007-January/000137.html Source: OSVDB Type: UNKNOWN 32972 Source: SECUNIA Type: UNKNOWN 23922 Source: CCN Type: OSVDB ID: 32971 rMake Crafted Recipe File Privilege Escalation Source: CCN Type: OSVDB ID: 32972 rMake chroot Helper Package Installation Permission Weakness Source: XF Type: UNKNOWN rpath-rmake-privilege-escalation(31942) Source: XF Type: UNKNOWN rpath-rmake-privilege-escalation(31942) Source: CONFIRM Type: UNKNOWN https://issues.rpath.com/browse/RPL-987 Source: CCN Type: rPath Web site rPath JIRA - rPath JIRA | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||