CVE-2007-1507
Published: Mar 20, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| ADV-2007-1033 | vdb-entry | x_refsource_VUPEN |
| 24582 | third-party-advisory | x_refsource_SECUNIA |
| 1017807 | vdb-entry | x_refsource_SECTRACK |
| [OpenAFS-announce] 20070319 OpenAFS 1.5.17 release available | mailing-list | x_refsource_MLIST |
| openafs-setuid-privilege-escalation(33180) | vdb-entry | x_refsource_XF |
| DSA-1271 | vendor-advisory | x_refsource_DEBIAN |
| 24720 | third-party-advisory | x_refsource_SECUNIA |
| [OpenAFS-announce] 20070319 OpenAFS 1.4.4 available | mailing-list | x_refsource_MLIST |
| 24607 | third-party-advisory | x_refsource_SECUNIA |
| GLSA-200704-03 | vendor-advisory | x_refsource_GENTOO |
| [OpenAFS-announce] 20070320 OpenAFS Security Advisory 2007-001: privilege escalation in Unix-based clients | mailing-list | x_refsource_MLIST |
| MDKSA-2007:066 | vendor-advisory | x_refsource_MANDRIVA |
| 24599 | third-party-advisory | x_refsource_SECUNIA |
| 23060 | vdb-entry | x_refsource_BID |