CVE - CVE-2007-5191

CVE-ID
CVE-2007-5191	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:25973 URL:http://www.securityfocus.com/bid/25973 BUGTRAQ:20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages URL:http://www.securityfocus.com/archive/1/485936/100/0/threaded BUGTRAQ:20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages URL:http://www.securityfocus.com/archive/1/486859/100/0/threaded CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=195390 CONFIRM:http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=ebbeb2c7ac1b00b6083905957837a271e80b187e CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0001.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=320041 CONFIRM:https://issues.rpath.com/browse/RPL-1757 DEBIAN:DSA-1449 URL:http://www.debian.org/security/2008/dsa-1449 DEBIAN:DSA-1450 URL:http://www.debian.org/security/2008/dsa-1450 FEDORA:FEDORA-2007-2462 URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html GENTOO:GLSA-200710-18 URL:http://security.gentoo.org/glsa/glsa-200710-18.xml MANDRIVA:MDKSA-2007:198 URL:~~http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198~~ (Obsolete source) MLIST:[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages URL:http://lists.vmware.com/pipermail/security-announce/2008/000002.html OVAL:oval:org.mitre.oval:def:10101 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101 REDHAT:RHSA-2007:0969 URL:http://www.redhat.com/support/errata/RHSA-2007-0969.html SECTRACK:1018782 URL:http://www.securitytracker.com/id?1018782 SECUNIA:27104 URL:http://secunia.com/advisories/27104 SECUNIA:27122 URL:http://secunia.com/advisories/27122 SECUNIA:27145 URL:http://secunia.com/advisories/27145 SECUNIA:27188 URL:http://secunia.com/advisories/27188 SECUNIA:27283 URL:http://secunia.com/advisories/27283 SECUNIA:27354 URL:http://secunia.com/advisories/27354 SECUNIA:27399 URL:http://secunia.com/advisories/27399 SECUNIA:27687 URL:http://secunia.com/advisories/27687 SECUNIA:28348 URL:http://secunia.com/advisories/28348 SECUNIA:28349 URL:http://secunia.com/advisories/28349 SECUNIA:28368 URL:http://secunia.com/advisories/28368 SECUNIA:28469 URL:http://secunia.com/advisories/28469 SUSE:SUSE-SR:2007:022 URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html UBUNTU:USN-533-1 URL:http://www.ubuntu.com/usn/usn-533-1 VUPEN:ADV-2007-3417 URL:~~http://www.vupen.com/english/advisories/2007/3417~~ (Obsolete source) VUPEN:ADV-2008-0064 URL:~~http://www.vupen.com/english/advisories/2008/0064~~ (Obsolete source)
Assigning CNA
Red Hat, Inc.
Date Record Created
20071004	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071004)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)