Computer Security
[EN] securityvulns.ru no-pyccku


OpenAFS filesystem privilege esccalation
Published:20.03.2007
Source:
SecurityVulns ID:7438
Type:local
Threat Level:
5/10
Description:Attacke can make fake suid binary on network disk by using protocol weakness.
Affected:OPENAFS : OpenAFS 1.3
CVE:CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1271-1] New openafs packages fix remote privilege escalation bug (20.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod