Vulnerability Description
The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rpath | Rpath Linux | 1 |
References
- http://lists.rpath.com/pipermail/security-announce/2007-January/000137.html
- http://osvdb.org/32972
- http://secunia.com/advisories/23922
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31942
- https://issues.rpath.com/browse/RPL-987
- http://lists.rpath.com/pipermail/security-announce/2007-January/000137.html
- http://osvdb.org/32972
- http://secunia.com/advisories/23922
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31942
- https://issues.rpath.com/browse/RPL-987
FAQ
What is CVE-2007-0536?
CVE-2007-0536 is a vulnerability with a CVSS score of 7.2 (HIGH). The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.
How severe is CVE-2007-0536?
CVE-2007-0536 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0536?
Check the references section above for vendor advisories and patch information. Affected products include: Rpath Rpath Linux.