CVE-2007-1507
published 2007-03-20CVE-2007-1507: The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openafs | < openafs 1.4.2-6 (bookworm) | openafs 1.4.2-6 (bookworm) |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | — | — |
| openafs | openafs | >= 0 < 1.4.2-6 | 1.4.2-6 |
| openafs | openafs | >= 0 < 1.4.2-6 | 1.4.2-6 |
| openafs | openafs | >= 0 < 1.4.2-6 | 1.4.2-6 |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH