CVE-2007-5191

Source
https://nvd.nist.gov/vuln/detail/CVE-2007-5191
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2007-5191.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2007-5191
Related
Published
2007-10-04T16:17:00Z
Modified
2025-04-09T00:30:58Z
Downstream
Summary
[none]
Details

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

References

Affected packages

Debian:11 / util-linux

Package

Name
util-linux
Purl
pkg:deb/debian/util-linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13-8

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / util-linux

Package

Name
util-linux
Purl
pkg:deb/debian/util-linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13-8

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / util-linux

Package

Name
util-linux
Purl
pkg:deb/debian/util-linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.13-8

Ecosystem specific

{
    "urgency": "low"
}