CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers
https://notcve.org/view.php?id=CVE-2007-5191
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. El montaje y desmontaje en util-linux y loop-aes-utils, llaman a las funciones setuid y setgid en el orden incorrecto y no comprueban los valores de retorno, lo que podría permitir a atacantes alcanzar privilegios por medio de asistentes como mount.nfs. • http://bugs.gentoo.org/show_bug.cgi?id=195390 http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198 http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://secunia.com/advisories/27104 http://secunia.com/advisories/27122 http://secunia.com/advisories/27145 http:/ • CWE-252: Unchecked Return Value •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2007-5159
https://notcve.org/view.php?id=CVE-2007-5159
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak. El paquete ntfs-3g anterior a 1.913-2.fc7 en Fedora 7, y en el paquete kntfs-3g package en Ubuntu 7.10/Gutsy, asigna de forma incorrecta los permisos (setuid root) en mount.ntfs-3g, el cual permite a usuarios locales siendo miembros de fuse leer y escribir dispositivos de bloque de su elección, posiblemente afectando a un descriptor de fichero débil. • http://secunia.com/advisories/26938 https://bugzilla.redhat.com/show_bug.cgi?id=298651 https://www.redhat.com/archives/fedora-desktop-list/2007-September/msg00163.html https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00368.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 31%CPEs: 2EXPL: 0CVE-2007-4000 – krb5 kadmind uninitialized pointer
https://notcve.org/view.php?id=CVE-2007-4000
The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer. La función kadm5_modify_policy_internal en lib/kadm5/srv/svr_policy.c del demonio de administración de Kerberos (kadmind) en MIT Kerberos 5 (krb5) 1.5 hasta 1.6.2 no comprueba adecuadamente los valores de retorno cuando no existe política, lo cual podría permitir a usuarios autenticados remotos con el privilegio de "modificar política" ejecutar código de su elección mediante vectores no especificados que provocan una escritura en un puntero no inicializado. • http://secunia.com/advisories/26676 http://secunia.com/advisories/26680 http://secunia.com/advisories/26700 http://secunia.com/advisories/26728 http://secunia.com/advisories/26783 http://secunia.com/advisories/26987 http://securityreason.com/securityalert/3092 http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml http://www.kb.cert.org/vuls/id/377544 http://www.mandriva.com/security/advisories?name=MDKSA&# • CWE-824: Access of Uninitialized Pointer •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4134 – star directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4134
Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Vulnerabilidad de escalado de directorio en el extract.c en el star anterior al 1.5a84 permite a atacantes con la intervención del usuario sobrescribir ficheros de su elección a través de ciertas secuencias //.. (barra oblicua, barra oblicua, punto, punto) en el directorio symlinks en un archivo TAR. • ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84 ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://secunia.com/advisories/26626 http://secunia.com/advisories/26672 http://secunia.com/advisories/26673 http://secunia.com/advisories/26857 http://secunia.com/advisories/27318 http://secunia.com/advisories/27544 http://securitytracker.com/id?1018646 http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm http://www.gentoo.org/security/en/gl • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2007-3847 – httpd: out of bounds read
https://notcve.org/view.php?id=CVE-2007-3847
The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read. La fecha que maneja el código en modules/proxy/proxy_util.c (mod_proxy) en Apache 2.3.0, cuando se utiliza un MPM hilado, permite a servidores origen remotos provocar denegación de servicio (caida del proceso de proxy del cacheo de respuesta)a través de cabeceras de datos manipulados que disparan una sobre-lectura de búfer. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01182588 http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.vmware.com/pipermail/security-announce/200 • CWE-125: Out-of-bounds Read •