CVE-2007-5191

CWE-252 — Unchecked Return Value10 documents8 sources

Severity

7.2HIGH

EPSS

0.1%

top 73.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kernel Util-linux Canonical Ubuntu Linux Debian Debian Linux +1 more

Timeline

PublishedOct 4

Latest updateMay 1

Description

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶Debianutil-linux< 2.13-8+3

▶NVDkernel/util-linux2.13.1.1

Also affects: Debian Linux 3.1, Ubuntu Linux 6.06, 6.10, 7.04, Fedora 7

🔴Vulnerability Details

GHSA

GHSA-x6mx-7fcg-2j6w: mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which mi↗2022-05-01

▶

OSV

CVE-2007-5191: mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which mi↗2007-10-04

▶

CVEList

CVE-2007-5191: mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which mi↗2007-10-04

▶

📋Vendor Advisories

Ubuntu

util-linux vulnerability↗2007-10-22

▶

Red Hat

util-linux (u)mount doesn't drop privileges properly when calling helpers↗2007-09-20

▶

Debian

CVE-2007-5191: util-linux - mount and umount in util-linux and loop-aes-utils call the setuid and setgid fun...↗2007

▶

💬Community

Bugzilla

CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [F7]↗2007-10-05

▶

Bugzilla

CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [FC6]↗2007-10-05

▶

Bugzilla

CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers↗2007-10-05

▶