what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2007-5191

Status Candidate

Overview

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Related Files

VMware Security Advisory 2008-0001.1
Posted Jan 24, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - There is an OpenPegasus PAM authentication buffer overflow and updated service console packages are available.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
MD5 | 32513e301c91fd38b9f8ec6889e3cd68
VMware Security Advisory 2008-0001
Posted Jan 8, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. Additionally, various service console packages have been updated.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
MD5 | 1df09e78239ba4cc4fd6cebba03a8ad0
Debian Linux Security Advisory 1450-1
Posted Jan 6, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1450-1 - It was discovered that util-linux, Miscellaneous system utilities, did not drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

tags | advisory, local
systems | linux, debian
advisories | CVE-2007-5191
MD5 | 3238a602809e0f2262812808b4387eb2
Debian Linux Security Advisory 1449-1
Posted Jan 6, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1449-1 - It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

tags | advisory, local
systems | linux, debian
advisories | CVE-2007-5191
MD5 | b9555a32859ef7f171d1e26868c1dd25
Ubuntu Security Notice 533-1
Posted Oct 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 533-1 - Ludwig Nussel discovered that mount and umount did not properly drop privileges when using helper programs. Local attackers may be able to bypass security restrictions and gain root privileges using programs such as mount.nfs or mount.cifs.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2007-5191
MD5 | 43cdabef17197796a0e6ed65fa2805b4
Gentoo Linux Security Advisory 200710-18
Posted Oct 18, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-18 - Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can lead to privileges being dropped improperly. Versions less than 2.12r-r8 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5191
MD5 | 71b4aca2aca73e6a69751ac8e61c7132
Mandriva Linux Security Advisory 2007.198
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The mount and umount programs in util-linux called the setuid() and setgid() functions in the wrong order and did not check the return values, which could allow attackers to grain privileges via helper applications such as mount.nfs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-5191
MD5 | dd3bb8a621df79d81e88f389dec88ac1
Page 1 of 1
Back1Next

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close