CVE-2007-5191

util-linux/loop-aes-utils - Privilege Escalation

Title source: llm

Description

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

References (34)

[Broken Link] https://issues.rpath.com/browse/RPL-1757

[Third Party Advisory] https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=320041

[Third Party Advisory] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101

[Third Party Advisory] http://www.ubuntu.com/usn/usn-533-1

[Third Party Advisory] http://secunia.com/advisories/27145

[Issue Tracking, Third Party Advisory] http://bugs.gentoo.org/show_bug.cgi?id=195390

[Third Party Advisory] http://secunia.com/advisories/27122

[Third Party Advisory] http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198

[Patch] http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e

[Third Party Advisory] http://secunia.com/advisories/28349

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1449

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1450

[Third Party Advisory] http://secunia.com/advisories/27104

[Third Party Advisory] http://secunia.com/advisories/27283

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485936/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/27354

[Third Party Advisory] http://lists.vmware.com/pipermail/security-announce/2008/000002.html

[Third Party Advisory] http://secunia.com/advisories/28469

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200710-18.xml

... and 14 more

Scores

EPSS 0.0010

EPSS Percentile 26.6%

Details

CWE

CWE-252

Status published

Products (7)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 6.10

canonical/ubuntu_linux 7.04

debian/debian_linux 3.1

fedoraproject/fedora 7

kernel/util-linux < 2.13.1.1

loop-aes-utils_project/loop-aes-utils

Published Oct 04, 2007

Tracked Since Feb 18, 2026