CVE - CVE-2007-1507

CVE-ID
CVE-2007-1507	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:23060 URL:http://www.securityfocus.com/bid/23060 DEBIAN:DSA-1271 URL:http://www.debian.org/security/2007/dsa-1271 GENTOO:GLSA-200704-03 URL:http://security.gentoo.org/glsa/glsa-200704-03.xml MANDRIVA:MDKSA-2007:066 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:066~~ (Obsolete source) MLIST:[OpenAFS-announce] 20070319 OpenAFS 1.4.4 available URL:http://www.openafs.org/pipermail/openafs-announce/2007/000185.html MLIST:[OpenAFS-announce] 20070319 OpenAFS 1.5.17 release available URL:http://www.openafs.org/pipermail/openafs-announce/2007/000186.html MLIST:[OpenAFS-announce] 20070320 OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients URL:http://www.openafs.org/pipermail/openafs-announce/2007/000187.html SECTRACK:1017807 URL:http://www.securitytracker.com/id?1017807 SECUNIA:24582 URL:http://secunia.com/advisories/24582 SECUNIA:24599 URL:http://secunia.com/advisories/24599 SECUNIA:24607 URL:http://secunia.com/advisories/24607 SECUNIA:24720 URL:http://secunia.com/advisories/24720 VUPEN:ADV-2007-1033 URL:~~http://www.vupen.com/english/advisories/2007/1033~~ (Obsolete source) XF:openafs-setuid-privilege-escalation(33180) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/33180
Assigning CNA
MITRE Corporation
Date Record Created
20070320	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070320)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)