First published: Tue Mar 20 2007(Updated: )
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Openafs Openafs | =1.4.4 | |
Openafs Openafs | =1.4.3 | |
Openafs Openafs | =1.4.0 | |
Openafs Openafs | =1.5.6 | |
Openafs Openafs | =1.4.2 | |
Openafs Openafs | =1.5.13 | |
Openafs Openafs | =1.5.3 | |
Openafs Openafs | =1.5.5 | |
Openafs Openafs | =1.5.12 | |
Openafs Openafs | =1.5.1 | |
Openafs Openafs | =1.5.15 | |
Openafs Openafs | =1.5.8 | |
Openafs Openafs | =1.5.16 | |
Openafs Openafs | =1.5.14 | |
Openafs Openafs | =1.5.9 | |
Openafs Openafs | =1.5.10 | |
Openafs Openafs | =1.5.0 | |
Openafs Openafs | =1.5.2 | |
Openafs Openafs | =1.4.1 | |
Openafs Openafs | =1.5.11 | |
Openafs Openafs | =1.5.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.