CVE-2007-5191

EPSS 0.1%
Published 04.10.2007 16:17:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Affected products Warnungen 0 Metrics 2 CWE 1 References 37

Data is provided by the National Vulnerability Database (NVD)

Kernel ≫ Util-linux Version <= 2.13.1.1

Loop-aes-utils Project ≫ Loop-aes-utils Version-

Fedoraproject ≫ Fedora Version7

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version6.10

Canonical ≫ Ubuntu Linux Version7.04

Debian ≫ Debian Linux Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.243

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

http://lists.vmware.com/pipermail/security-announce/2008/000002.html

Third Party Advisory

http://secunia.com/advisories/28368

Third Party Advisory

http://www.securityfocus.com/archive/1/485936/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/486859/100/0/threaded

Third Party Advisory

VDB Entry

http://www.vmware.com/security/advisories/VMSA-2008-0001.html

Third Party Advisory

http://www.vupen.com/english/advisories/2008/0064

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/27399

Third Party Advisory

http://bugs.gentoo.org/show_bug.cgi?id=195390

Third Party Advisory

Issue Tracking

http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198

Third Party Advisory

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

http://secunia.com/advisories/27104

Third Party Advisory

http://secunia.com/advisories/27122

Third Party Advisory

http://secunia.com/advisories/27145

Third Party Advisory

http://secunia.com/advisories/27188

Third Party Advisory

http://secunia.com/advisories/27283

Third Party Advisory

http://secunia.com/advisories/27354

Third Party Advisory

http://secunia.com/advisories/27687

Third Party Advisory

http://secunia.com/advisories/28348

Third Party Advisory

http://secunia.com/advisories/28349

Third Party Advisory

http://secunia.com/advisories/28469

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200710-18.xml

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm

Third Party Advisory

http://www.debian.org/security/2008/dsa-1449

Third Party Advisory

http://www.debian.org/security/2008/dsa-1450

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0969.html

Third Party Advisory

http://www.securityfocus.com/bid/25973

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1018782

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-533-1

Third Party Advisory

http://www.vupen.com/english/advisories/2007/3417

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=320041

Third Party Advisory

Issue Tracking

https://issues.rpath.com/browse/RPL-1757

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-5191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5191

EUVD