Vulnerability Name: CVE-2007-5191 (CCN-37023)
Assigned: 2007-09-20
Published: 2007-09-20
Updated: 2020-11-04
Summary: mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity:
7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-252
Vulnerability Consequences: Gain Privileges
References:
Source: CONFIRM Type: Issue Tracking, Third Party Advisory http://bugs.gentoo.org/show_bug.cgi?id=195390
Source: MITRE Type: CNA CVE-2007-5191
Source: CCN Type: freshmeat.net util-linux - Default branch
Source: MANDRIVA Type: Third Party Advisory MDKSA-2007:198
Source: CCN Type: The Linux Kernel Archives Web site mount: doesn't drop privileges properly when calling helpers
Source: CONFIRM Type: Broken Link http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e
Source: SUSE Type: Mailing List, Third Party Advisory SUSE-SR:2007:022
Source: CCN Type: Security-announce Mailing List, Mon Jan 7 17:46:23 PST 2008 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
Source: MLIST Type: Third Party Advisory [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
Source: CCN Type: VMware Security-Announce Mailing List, Tue Jan 22 16:42:45 PST 2008 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
Source: CCN Type: RHSA-2007-0969 Moderate: util-linux security update
Source: SECUNIA Type: Third Party Advisory 27104
Source: SECUNIA Type: Third Party Advisory 27122
Source: CCN Type: SA27145 util-linux Privilege Escalation Vulnerability
Source: SECUNIA Type: Third Party Advisory 27145
Source: SECUNIA Type: Third Party Advisory 27188
Source: SECUNIA Type: Third Party Advisory 27283
Source: SECUNIA Type: Third Party Advisory 27354
Source: SECUNIA Type: Third Party Advisory 27399
Source: SECUNIA Type: Third Party Advisory 27687
Source: SECUNIA Type: Third Party Advisory 28348
Source: SECUNIA Type: Third Party Advisory 28349
Source: CCN Type: SA28368 VMware ESX Server Multiple Security Updates
Source: SECUNIA Type: Third Party Advisory 28368
Source: CCN Type: SA28469 Avaya Products util-linux Privilege Escalation Vulnerability
Source: SECUNIA Type: Third Party Advisory 28469
Source: GENTOO Type: Third Party Advisory GLSA-200710-18
Source: CCN Type: SECTRACK ID: 1018782 Util-linux mount/umount Privilege Bug Lets Local Users Gain Elevated Privileges
Source: CONFIRM Type: Third Party Advisory http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm
Source: CCN Type: ASA-2008-023 util-linux security update (RHSA-2007-0969)
Source: CCN Type: The util-linux-ng code repository util-linux-ng
Source: DEBIAN Type: Third Party Advisory DSA-1449
Source: DEBIAN Type: Third Party Advisory DSA-1450
Source: DEBIAN Type: DSA-1449 loop-aes-utils -- programming error
Source: DEBIAN Type: DSA-1450 util-linux -- programming error
Source: CCN Type: GLSA-200710-18 util-linux: Local privilege escalation
Source: REDHAT Type: Third Party Advisory RHSA-2007:0969
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
Source: BID Type: Third Party Advisory, VDB Entry 25973
Source: CCN Type: BID-25973 util-linux mount umount Local Privilege Escalation Vulnerability
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1018782
Source: CCN Type: USN-533-1 util-linux vulnerability
Source: UBUNTU Type: Third Party Advisory USN-533-1
Source: CONFIRM Type: Third Party Advisory http://www.vmware.com/security/advisories/VMSA-2008-0001.html
Source: VUPEN Type: Third Party Advisory ADV-2007-3417
Source: VUPEN Type: Third Party Advisory ADV-2008-0064
Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=320041
Source: XF Type: UNKNOWN utillinux-mount-umount-privilege-escalation(37023)
Source: CONFIRM Type: Broken Link https://issues.rpath.com/browse/RPL-1757
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:10101
Source: FEDORA Type: Third Party Advisory FEDORA-2007-2462
Source: SUSE Type: SUSE-SR:2007:022 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: