CVE-2007-1507

EPSS 1.7%

openafs - design error

Published: 3/20/2007Modified: 4/28/2026

Also known as:DEBIAN-CVE-2007-1507

Description

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.

Affected packages (2)

Debian/openafsfrom 0, < 1.4.2-6
Debian/openafsfrom 0, < 1.3.81-3sarge2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-1507