CVE-2007-0536

3 documents3 sources

Severity

7.2HIGH

EPSS

0.0%

top 88.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rpath Rpath Linux

Timeline

PublishedJan 27

Latest updateMay 1

Description

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDrpath/rpath_linux1

🔴Vulnerability Details

GHSA

GHSA-wj7j-qxp9-6v32: The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and mi↗2022-05-01

▶

CVEList

CVE-2007-0536: The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and mi↗2007-01-27

▶