CVE DATABASE / CVE-2007-5191
CVE-2007-5191
CVSS 7.2 · HIGH
Summary
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
CVSS 2.0 breakdown
| Base score | 7.2 (HIGH) |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Confidentiality | COMPLETE |
| Integrity | COMPLETE |
| Availability | COMPLETE |
Weakness type (CWE)
Affected products
Kernel util-linuxLoop-aes-utils_project loop-aes-utilsFedoraproject fedoraCanonical ubuntu linuxDebian debian linux
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://bugs.gentoo.org/show_bug.cgi?id=195390
- http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198
- http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
- http://lists.vmware.com/pipermail/security-announce/2008/000002.html
- http://secunia.com/advisories/27104
- http://secunia.com/advisories/27122
- http://secunia.com/advisories/27145
- http://secunia.com/advisories/27188
- http://secunia.com/advisories/27283
- http://secunia.com/advisories/27354
- http://secunia.com/advisories/27399
- http://secunia.com/advisories/27687
- http://secunia.com/advisories/28348
- http://secunia.com/advisories/28349
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.