Vulnerabilities

CVE-2007-1507

by Fred · 20/03/2007

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.

Date published : 2007-03-20

http://www.securityfocus.com/bid/23060

http://www.debian.org/security/2007/dsa-1271

Similar

Tags: Cybersecurity Alert