ByteOS Network

Vulnerability Details :

CVE-2007-5191

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-04 Oct, 2007 | 16:00

Updated At-07 Aug, 2024 | 15:24

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:redhat

Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749

Published At:04 Oct, 2007 | 16:00

Updated At:07 Aug, 2024 | 15:24

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.ubuntu.com/usn/usn-533-1	vendor-advisory x_refsource_UBUNTU
https://issues.rpath.com/browse/RPL-1757	x_refsource_CONFIRM
http://secunia.com/advisories/27145	third-party-advisory x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=195390	x_refsource_CONFIRM
http://secunia.com/advisories/27122	third-party-advisory x_refsource_SECUNIA
http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198	vendor-advisory x_refsource_MANDRIVA
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e	x_refsource_CONFIRM
http://secunia.com/advisories/28349	third-party-advisory x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1449	vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2008/dsa-1450	vendor-advisory x_refsource_DEBIAN
http://secunia.com/advisories/27104	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27283	third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/485936/100/0/threaded	mailing-list x_refsource_BUGTRAQ
http://secunia.com/advisories/27354	third-party-advisory x_refsource_SECUNIA
http://lists.vmware.com/pipermail/security-announce/2008/000002.html	mailing-list x_refsource_MLIST
http://secunia.com/advisories/28469	third-party-advisory x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200710-18.xml	vendor-advisory x_refsource_GENTOO
http://secunia.com/advisories/28348	third-party-advisory x_refsource_SECUNIA
http://www.securitytracker.com/id?1018782	vdb-entry x_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html	vendor-advisory x_refsource_FEDORA
http://secunia.com/advisories/27687	third-party-advisory x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=320041	x_refsource_CONFIRM
http://secunia.com/advisories/28368	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27399	third-party-advisory x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101	vdb-entry signature x_refsource_OVAL
http://www.securityfocus.com/bid/25973	vdb-entry x_refsource_BID
http://secunia.com/advisories/27188	third-party-advisory x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2007/3417	vdb-entry x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2007-0969.html	vendor-advisory x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html	vendor-advisory x_refsource_SUSE
http://www.vmware.com/security/advisories/VMSA-2008-0001.html	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/0064	vdb-entry x_refsource_VUPEN
http://www.securityfocus.com/archive/1/486859/100/0/threaded	mailing-list x_refsource_BUGTRAQ

Hyperlink: http://www.ubuntu.com/usn/usn-533-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://issues.rpath.com/browse/RPL-1757

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/27145

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=195390

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/27122

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/28349

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.debian.org/security/2008/dsa-1449

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://www.debian.org/security/2008/dsa-1450

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://secunia.com/advisories/27104

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/27283

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securityfocus.com/archive/1/485936/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://secunia.com/advisories/27354

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://lists.vmware.com/pipermail/security-announce/2008/000002.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://secunia.com/advisories/28469

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://security.gentoo.org/glsa/glsa-200710-18.xml

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://secunia.com/advisories/28348

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securitytracker.com/id?1018782

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://secunia.com/advisories/27687

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=320041

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/28368

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/27399

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://www.securityfocus.com/bid/25973

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://secunia.com/advisories/27188

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.vupen.com/english/advisories/2007/3417

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0969.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.vmware.com/security/advisories/VMSA-2008-0001.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.vupen.com/english/advisories/2008/0064

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://www.securityfocus.com/archive/1/486859/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.ubuntu.com/usn/usn-533-1	vendor-advisory x_refsource_UBUNTU x_transferred
https://issues.rpath.com/browse/RPL-1757	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/27145	third-party-advisory x_refsource_SECUNIA x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=195390	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/27122	third-party-advisory x_refsource_SECUNIA x_transferred
http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198	vendor-advisory x_refsource_MANDRIVA x_transferred
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/28349	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.debian.org/security/2008/dsa-1449	vendor-advisory x_refsource_DEBIAN x_transferred
http://www.debian.org/security/2008/dsa-1450	vendor-advisory x_refsource_DEBIAN x_transferred
http://secunia.com/advisories/27104	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/27283	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securityfocus.com/archive/1/485936/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred
http://secunia.com/advisories/27354	third-party-advisory x_refsource_SECUNIA x_transferred
http://lists.vmware.com/pipermail/security-announce/2008/000002.html	mailing-list x_refsource_MLIST x_transferred
http://secunia.com/advisories/28469	third-party-advisory x_refsource_SECUNIA x_transferred
http://security.gentoo.org/glsa/glsa-200710-18.xml	vendor-advisory x_refsource_GENTOO x_transferred
http://secunia.com/advisories/28348	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securitytracker.com/id?1018782	vdb-entry x_refsource_SECTRACK x_transferred
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html	vendor-advisory x_refsource_FEDORA x_transferred
http://secunia.com/advisories/27687	third-party-advisory x_refsource_SECUNIA x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=320041	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/28368	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/27399	third-party-advisory x_refsource_SECUNIA x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101	vdb-entry signature x_refsource_OVAL x_transferred
http://www.securityfocus.com/bid/25973	vdb-entry x_refsource_BID x_transferred
http://secunia.com/advisories/27188	third-party-advisory x_refsource_SECUNIA x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm	x_refsource_CONFIRM x_transferred
http://www.vupen.com/english/advisories/2007/3417	vdb-entry x_refsource_VUPEN x_transferred
http://www.redhat.com/support/errata/RHSA-2007-0969.html	vendor-advisory x_refsource_REDHAT x_transferred
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.vmware.com/security/advisories/VMSA-2008-0001.html	x_refsource_CONFIRM x_transferred
http://www.vupen.com/english/advisories/2008/0064	vdb-entry x_refsource_VUPEN x_transferred
http://www.securityfocus.com/archive/1/486859/100/0/threaded	mailing-list x_refsource_BUGTRAQ x_transferred

Hyperlink: http://www.ubuntu.com/usn/usn-533-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: https://issues.rpath.com/browse/RPL-1757

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/27145

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=195390

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/27122

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198

Resource:

vendor-advisory

x_refsource_MANDRIVA

x_transferred

Hyperlink: http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/28349

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.debian.org/security/2008/dsa-1449

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://www.debian.org/security/2008/dsa-1450

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://secunia.com/advisories/27104

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/27283

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/485936/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://secunia.com/advisories/27354

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://lists.vmware.com/pipermail/security-announce/2008/000002.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://secunia.com/advisories/28469

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://security.gentoo.org/glsa/glsa-200710-18.xml

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: http://secunia.com/advisories/28348

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securitytracker.com/id?1018782

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://secunia.com/advisories/27687

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=320041

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/28368

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/27399

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://www.securityfocus.com/bid/25973

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://secunia.com/advisories/27188

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2007/3417

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0969.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://www.vmware.com/security/advisories/VMSA-2008-0001.html

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2008/0064

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/486859/100/0/threaded

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:secalert@redhat.com

Published At:04 Oct, 2007 | 16:17

Updated At:07 Nov, 2023 | 02:01

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-252	Primary	nvd@nist.gov

CWE ID: CWE-252

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Red Hat

Last Modified : 2009-06-01T00:00:00

Updates are available to address this issue: https://rhn.redhat.com/errata/RHSA-2007-0969.html