ID CVE-2007-5191
Summary mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
References
Vulnerable Configurations
  • cpe:2.3:a:kernel:util-linux:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.9i:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.9v:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.10f:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.10m:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.10s:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11b:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11f:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11m:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11n:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11o:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11q:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11r:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11t:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11u:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11v:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11w:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11x:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.11y:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12a:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12b:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12d:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12h:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12i:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12j:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12k:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12l:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12m:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12o:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12p:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12q:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.12r:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13:-:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13:rc2:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13:rc3:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13.1:-:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:kernel:util-linux:2.13.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:loop-aes-utils_project:loop-aes-utils:-:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 04-11-2020 - 14:59)
Impact:
Exploitability:
CWE CWE-252
CAPEC
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:01:38.804-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
family unix
id oval:org.mitre.oval:def:10101
status accepted
submitted 2010-07-09T03:56:16-04:00
title mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
version 30
redhat via4
advisories
bugzilla
id 320041
title CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • comment util-linux is earlier than 0:2.12a-17.el4_6.1
      oval oval:com.redhat.rhsa:tst:20070969001
    • comment util-linux is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070235002
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • comment util-linux is earlier than 0:2.13-0.45.el5_1.1
      oval oval:com.redhat.rhsa:tst:20070969004
    • comment util-linux is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhba:tst:20090070002
rhsa
id RHSA-2007:0969
released 2007-11-15
severity Moderate
title RHSA-2007:0969: util-linux security update (Moderate)
rpms
  • losetup-0:2.11y-31.24
  • mount-0:2.11y-31.24
  • util-linux-0:2.11y-31.24
  • util-linux-0:2.12a-17.el4_6.1
  • util-linux-0:2.13-0.45.el5_1.1
  • util-linux-debuginfo-0:2.11y-31.24
  • util-linux-debuginfo-0:2.12a-17.el4_6.1
  • util-linux-debuginfo-0:2.13-0.45.el5_1.1
refmap via4
bid 25973
bugtraq
  • 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
  • 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
confirm
debian
  • DSA-1449
  • DSA-1450
fedora FEDORA-2007-2462
gentoo GLSA-200710-18
mandriva MDKSA-2007:198
mlist [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
sectrack 1018782
secunia
  • 27104
  • 27122
  • 27145
  • 27188
  • 27283
  • 27354
  • 27399
  • 27687
  • 28348
  • 28349
  • 28368
  • 28469
suse SUSE-SR:2007:022
ubuntu USN-533-1
vupen
  • ADV-2007-3417
  • ADV-2008-0064
statements via4
contributor Mark J Cox
lastmodified 2009-06-01
organization Red Hat
statement Updates are available to address this issue: https://rhn.redhat.com/errata/RHSA-2007-0969.html
Last major update 04-11-2020 - 14:59
Published 04-10-2007 - 16:17
Last modified 04-11-2020 - 14:59