CVE-2007-1507
Severity CVSS v4.0:
Pending analysis
Type:
CWE-16
Configuration Errors
Publication date:
20/03/2007
Last modified:
09/04/2025
Description
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openafs:openafs:1.5.10:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/24582
- http://secunia.com/advisories/24599
- http://secunia.com/advisories/24607
- http://secunia.com/advisories/24720
- http://security.gentoo.org/glsa/glsa-200704-03.xml
- http://www.debian.org/security/2007/dsa-1271
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A066
- http://www.openafs.org/pipermail/openafs-announce/2007/000185.html
- http://www.openafs.org/pipermail/openafs-announce/2007/000186.html
- http://www.openafs.org/pipermail/openafs-announce/2007/000187.html
- http://www.securityfocus.com/bid/23060
- http://www.securitytracker.com/id?1017807=
- http://www.vupen.com/english/advisories/2007/1033
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33180
- http://secunia.com/advisories/24582
- http://secunia.com/advisories/24599
- http://secunia.com/advisories/24607
- http://secunia.com/advisories/24720
- http://security.gentoo.org/glsa/glsa-200704-03.xml
- http://www.debian.org/security/2007/dsa-1271
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A066
- http://www.openafs.org/pipermail/openafs-announce/2007/000185.html
- http://www.openafs.org/pipermail/openafs-announce/2007/000186.html
- http://www.openafs.org/pipermail/openafs-announce/2007/000187.html
- http://www.securityfocus.com/bid/23060
- http://www.securitytracker.com/id?1017807=
- http://www.vupen.com/english/advisories/2007/1033
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33180