Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2007-1507

Date: March 20, 2007

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.

Severity Score

Related Resources (16)

https://exchange.xforce.ibmcloud.com/vulnerabilities/33180
http://www.openafs.org/pipermail/openafs-announce/2007/000186.html
http://www.vupen.com/english/advisories/2007/1033
http://www.openafs.org/pipermail/openafs-announce/2007/000187.html
https://nvd.nist.gov/vuln/detail/CVE-2007-1507
http://security.gentoo.org/glsa/glsa-200704-03.xml
http://www.securitytracker.com/id?1017807
http://www.debian.org/security/2007/dsa-1271
http://secunia.com/advisories/24607
http://www.mandriva.com/security/advisories?name=MDKSA-2007:066
http://secunia.com/advisories/24582
http://www.openafs.org/pipermail/openafs-announce/2007/000185.html
http://secunia.com/advisories/24720
http://secunia.com/advisories/24599
http://www.securityfocus.com/bid/23060
https://www.mend.io/vulnerability-database/CVE-2007-1507

Severity Score

Weakness Type (CWE)

Configuration

CWE-16

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us