Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Published

2007-10-04T16:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-252

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	kernel	util-linux	≤ 2.13.1.1	Yes
Application	loop-aes-utils_project	loop-aes-utils	-	Yes
Operating System	fedoraproject	fedora	7	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes
Operating System	canonical	ubuntu_linux	7.04	Yes
Operating System	debian	debian_linux	3.1	Yes

References

http://bugs.gentoo.org/show_bug.cgi?id=195390 Issue Tracking, Third Party Advisory ([email protected])
http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198 Third Party Advisory ([email protected])
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html Mailing List, Third Party Advisory ([email protected])
http://lists.vmware.com/pipermail/security-announce/2008/000002.html Third Party Advisory ([email protected])
http://secunia.com/advisories/27104 Third Party Advisory ([email protected])
http://secunia.com/advisories/27122 Third Party Advisory ([email protected])
http://secunia.com/advisories/27145 Third Party Advisory ([email protected])
http://secunia.com/advisories/27188 Third Party Advisory ([email protected])
http://secunia.com/advisories/27283 Third Party Advisory ([email protected])
http://secunia.com/advisories/27354 Third Party Advisory ([email protected])
http://secunia.com/advisories/27399 Third Party Advisory ([email protected])
http://secunia.com/advisories/27687 Third Party Advisory ([email protected])
http://secunia.com/advisories/28348 Third Party Advisory ([email protected])
http://secunia.com/advisories/28349 Third Party Advisory ([email protected])
http://secunia.com/advisories/28368 Third Party Advisory ([email protected])
http://secunia.com/advisories/28469 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200710-18.xml Third Party Advisory ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1449 Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1450 Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0969.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/485936/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/486859/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/25973 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1018782 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-533-1 Third Party Advisory ([email protected])
http://www.vmware.com/security/advisories/VMSA-2008-0001.html Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/3417 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/0064 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=320041 Issue Tracking, Third Party Advisory ([email protected])
https://issues.rpath.com/browse/RPL-1757 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101 Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html Third Party Advisory ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=195390 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.vmware.com/pipermail/security-announce/2008/000002.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27104 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27122 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27145 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27188 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27283 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27354 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27399 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27687 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28348 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28349 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28368 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28469 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200710-18.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1449 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1450 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0969.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/485936/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/486859/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25973 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018782 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-533-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2008-0001.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3417 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0064 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=320041 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1757 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)