Vulnerability Description
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openafs | Openafs | 1.4.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/24582Vendor Advisory
- http://secunia.com/advisories/24599Vendor Advisory
- http://secunia.com/advisories/24607Vendor Advisory
- http://secunia.com/advisories/24720
- http://security.gentoo.org/glsa/glsa-200704-03.xml
- http://www.debian.org/security/2007/dsa-1271Vendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:066
- http://www.openafs.org/pipermail/openafs-announce/2007/000185.htmlVendor Advisory
- http://www.openafs.org/pipermail/openafs-announce/2007/000186.htmlPatchVendor Advisory
- http://www.openafs.org/pipermail/openafs-announce/2007/000187.html
- http://www.securityfocus.com/bid/23060
- http://www.securitytracker.com/id?1017807
- http://www.vupen.com/english/advisories/2007/1033Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33180
- http://secunia.com/advisories/24582Vendor Advisory
FAQ
What is CVE-2007-1507?
CVE-2007-1507 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to...
How severe is CVE-2007-1507?
CVE-2007-1507 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1507?
Check the references section above for vendor advisories and patch information. Affected products include: Openafs Openafs.