Home > Vulnerability Database > CVE-2007-5191

Mend.io Vulnerability Database

CVE-2007-5191

Date: October 4, 2007

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Severity Score

8.4

Related Resources (38)

Url: http://bugs.gentoo.org/show_bug.cgi?id=195390

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101

Url: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

Url: http://secunia.com/advisories/27283

Url: http://www.securitytracker.com/id?1018782

Url: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html

Url: http://www.vupen.com/english/advisories/2007/3417

Url: https://bugzilla.redhat.com/show_bug.cgi?id=320041

Url: https://access.redhat.com/security/cve/CVE-2007-5191

Url: https://issues.rpath.com/browse/RPL-1757

Url: http://secunia.com/advisories/28469

Url: http://secunia.com/advisories/28348

Url: http://secunia.com/advisories/27399

Url: http://secunia.com/advisories/28349

Url: http://secunia.com/advisories/27354

Url: http://www.securityfocus.com/archive/1/485936/100/0/threaded

Url: http://www.debian.org/security/2008/dsa-1449

Url: http://secunia.com/advisories/28368

Url: http://www.vupen.com/english/advisories/2008/0064

Url: http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198

Url: http://www.vmware.com/security/advisories/VMSA-2008-0001.html

Url: http://www.securityfocus.com/archive/1/486859/100/0/threaded

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-5191

Url: http://www.securityfocus.com/bid/25973

Url: http://lists.vmware.com/pipermail/security-announce/2008/000002.html

Url: http://www.debian.org/security/2008/dsa-1450

Url: http://www.ubuntu.com/usn/usn-533-1

Url: http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm

Url: http://security.gentoo.org/glsa/glsa-200710-18.xml

Url: http://www.redhat.com/support/errata/RHSA-2007-0969.html

Url: http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

Url: http://secunia.com/advisories/27145

Url: http://secunia.com/advisories/27122

Url: http://secunia.com/advisories/27188

Url: http://secunia.com/advisories/27104

Url: http://secunia.com/advisories/27687

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5191

Url: https://www.mend.io/vulnerability-database/CVE-2007-5191

Severity Score

8.4

Weakness Type (CWE)

Unchecked Return Value

CWE-252

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-5191

Date: October 4, 2007

Severity Score

Related Resources (38)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?