CVE-2007-5191

NONE EPSS 35.3%
Published Oct 4, 2007 (18y ago) · Modified Jun 16, 2026 (2w ago)

Description

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Threat Intelligence

EPSS Exploit Probability
35.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-252

Affected Products 7

Vendor                  Product         Version  Range
kernel                  util-linux      *        ≤2.13.1.1
loop-aes-utils_project  loop-aes-utils  *        any
fedoraproject           fedora          7        any
canonical               ubuntu_linux    6.06     any
canonical               ubuntu_linux    6.10     any
canonical               ubuntu_linux    7.04     any
debian                  debian_linux    3.1      any

References 34

  • bugs.gentoo.org http://bugs.gentoo.org/show_bug.cgi?id=195390
    Issue Tracking, Third Party Advisory
  • frontal2.mandriva.com http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198
    Third Party Advisory
  • git.kernel.org http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
    Mailing List, Third Party Advisory
  • lists.vmware.com http://lists.vmware.com/pipermail/security-announce/2008/000002.html
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/27104
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/27122
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/27145
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/27188
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/27283
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/27354
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/27399
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/27687
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/28348
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/28349
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/28368
    Third Party Advisory
  • secunia.com http://secunia.com/advisories/28469
    Third Party Advisory
  • security.gentoo.org http://security.gentoo.org/glsa/glsa-200710-18.xml
    Third Party Advisory
  • support.avaya.com http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm
    Third Party Advisory
  • debian.org http://www.debian.org/security/2008/dsa-1449
    Third Party Advisory
  • debian.org http://www.debian.org/security/2008/dsa-1450
    Third Party Advisory
  • redhat.com http://www.redhat.com/support/errata/RHSA-2007-0969.html
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/archive/1/485936/100/0/threaded
    Third Party Advisory, VDB Entry
  • securityfocus.com http://www.securityfocus.com/archive/1/486859/100/0/threaded
    Third Party Advisory, VDB Entry
  • securityfocus.com http://www.securityfocus.com/bid/25973
    Third Party Advisory, VDB Entry
  • securitytracker.com http://www.securitytracker.com/id?1018782
    Third Party Advisory, VDB Entry
  • ubuntu.com http://www.ubuntu.com/usn/usn-533-1
    Third Party Advisory
  • vmware.com http://www.vmware.com/security/advisories/VMSA-2008-0001.html
    Third Party Advisory
  • vupen.com http://www.vupen.com/english/advisories/2007/3417
    Third Party Advisory
  • vupen.com http://www.vupen.com/english/advisories/2008/0064
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=320041
    Issue Tracking, Third Party Advisory
  • issues.rpath.com https://issues.rpath.com/browse/RPL-1757
    Broken Link
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101
    Third Party Advisory
  • redhat.com https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.