CVE-2007-5191

util-linux/loop-aes-utils - Privilege Escalation

Title source: llm

Description

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

References (34)

[Issue Tracking, Third Party Advisory] http://bugs.gentoo.org/show_bug.cgi?id=195390

[Third Party Advisory] http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198

[Patch] http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html

[Third Party Advisory] http://lists.vmware.com/pipermail/security-announce/2008/000002.html

[Third Party Advisory] http://secunia.com/advisories/27104

[Third Party Advisory] http://secunia.com/advisories/27122

[Third Party Advisory] http://secunia.com/advisories/27145

[Third Party Advisory] http://secunia.com/advisories/27188

[Third Party Advisory] http://secunia.com/advisories/27283

[Third Party Advisory] http://secunia.com/advisories/27354

[Third Party Advisory] http://secunia.com/advisories/27399

[Third Party Advisory] http://secunia.com/advisories/27687

[Third Party Advisory] http://secunia.com/advisories/28348

[Third Party Advisory] http://secunia.com/advisories/28349

[Third Party Advisory] http://secunia.com/advisories/28368

[Third Party Advisory] http://secunia.com/advisories/28469

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200710-18.xml

[Third Party Advisory] http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1449

... and 14 more

Scores

EPSS 0.0010

EPSS Percentile 26.8%

Classification

CWE

CWE-252

Status draft

Affected Products (7)

kernel/util-linux < 2.13.1.1

loop-aes-utils_project/loop-aes-utils

fedoraproject/fedora

canonical/ubuntu_linux

debian/debian_linux

Timeline

Published Oct 04, 2007

Tracked Since Feb 18, 2026