7.5

CVE-2007-1507

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenafsOpenafs Version1.4.0
OpenafsOpenafs Version1.4.1
OpenafsOpenafs Version1.4.2
OpenafsOpenafs Version1.4.3
OpenafsOpenafs Version1.4.4
OpenafsOpenafs Version1.5.0
OpenafsOpenafs Version1.5.1
OpenafsOpenafs Version1.5.2
OpenafsOpenafs Version1.5.3
OpenafsOpenafs Version1.5.5
OpenafsOpenafs Version1.5.6
OpenafsOpenafs Version1.5.7
OpenafsOpenafs Version1.5.8
OpenafsOpenafs Version1.5.9
OpenafsOpenafs Version1.5.10
OpenafsOpenafs Version1.5.11
OpenafsOpenafs Version1.5.12
OpenafsOpenafs Version1.5.13
OpenafsOpenafs Version1.5.14
OpenafsOpenafs Version1.5.15
OpenafsOpenafs Version1.5.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.52% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/24582
Vendor Advisory
http://secunia.com/advisories/24599
Vendor Advisory
http://secunia.com/advisories/24607
Vendor Advisory
http://secunia.com/advisories/24720
http://security.gentoo.org/glsa/glsa-200704-03.xml
http://www.debian.org/security/2007/dsa-1271
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:066
http://www.openafs.org/pipermail/openafs-announce/2007/000185.html
Vendor Advisory
http://www.openafs.org/pipermail/openafs-announce/2007/000186.html
Patch
Vendor Advisory
http://www.openafs.org/pipermail/openafs-announce/2007/000187.html
http://www.securityfocus.com/bid/23060
http://www.securitytracker.com/id?1017807
http://www.vupen.com/english/advisories/2007/1033
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33180