← volver
CVE-2007-1507

CVE-2007-1507

EPSS 2.5%
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://secunia.com/advisories/24582http://secunia.com/advisories/24599http://secunia.com/advisories/24607http://secunia.com/advisories/24720http://security.gentoo.org/glsa/glsa-200704-03.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/33180http://www.debian.org/security/2007/dsa-1271http://www.mandriva.com/security/advisories?name=MDKSA-2007:066http://www.openafs.org/pipermail/openafs-announce/2007/000185.htmlhttp://www.openafs.org/pipermail/openafs-announce/2007/000186.htmlhttp://www.openafs.org/pipermail/openafs-announce/2007/000187.htmlhttp://www.securityfocus.com/bid/23060