exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2007-5191

Status Candidate

Overview

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Related Files

VMware Security Advisory 2008-0001.1
Posted Jan 24, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - There is an OpenPegasus PAM authentication buffer overflow and updated service console packages are available.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
SHA-256 | 483d9d8f7624eaf97e973bf1a873f074836e2faa50411880fd4a74ea047d49c1
VMware Security Advisory 2008-0001
Posted Jan 8, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. Additionally, various service console packages have been updated.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
SHA-256 | be7e78ccb4f20704221fb7366e2271392d4aa26ec0d833801cc6ea984541e69f
Debian Linux Security Advisory 1450-1
Posted Jan 6, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1450-1 - It was discovered that util-linux, Miscellaneous system utilities, did not drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

tags | advisory, local
systems | linux, debian
advisories | CVE-2007-5191
SHA-256 | 4734fc3adec246db57dff268bd354db2f13d0fcb4816a74542256e9fba9110ac
Debian Linux Security Advisory 1449-1
Posted Jan 6, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1449-1 - It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged users and groups in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges.

tags | advisory, local
systems | linux, debian
advisories | CVE-2007-5191
SHA-256 | 7ba837b3c03fe2093d868d969cfff17ad96234f1fbca2104edfba253113b86c4
Ubuntu Security Notice 533-1
Posted Oct 23, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 533-1 - Ludwig Nussel discovered that mount and umount did not properly drop privileges when using helper programs. Local attackers may be able to bypass security restrictions and gain root privileges using programs such as mount.nfs or mount.cifs.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2007-5191
SHA-256 | 452e663fa6ac02624ced4b9e311d931598da9b08d6c91f7ebe13d2f56c4521f4
Gentoo Linux Security Advisory 200710-18
Posted Oct 18, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-18 - Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can lead to privileges being dropped improperly. Versions less than 2.12r-r8 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2007-5191
SHA-256 | 50f3319e4e75be09131765eacc9544265c63c59560154b3055e4fb1df1ac3acc
Mandriva Linux Security Advisory 2007.198
Posted Oct 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - The mount and umount programs in util-linux called the setuid() and setgid() functions in the wrong order and did not check the return values, which could allow attackers to grain privileges via helper applications such as mount.nfs.

tags | advisory
systems | linux, mandriva
advisories | CVE-2007-5191
SHA-256 | 0eda8e230b5744477117303ec526fad47744d0cde3481d188716d2398ad9472e
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close