CVE-2007-1507
EPSS 1.7%openafs - design error
發布日:2007/3/20修改日:2026/4/28
也稱為:DEBIAN-CVE-2007-1507
描述
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
受影響套件(2)
- Debian/openafsfrom 0, < 1.4.2-6
- Debian/openafsfrom 0, < 1.3.81-3sarge2