CVE-2007-5191

Publication date 4 October 2007

Last updated 24 July 2024

Ubuntu priority

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
loop-aes-utils	9.10 karmic	Fixed 2.13-2
	9.04 jaunty	Fixed 2.13-2
	8.10 intrepid	Fixed 2.13-2
	8.04 LTS hardy	Fixed 2.13-2
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life
util-linux	9.10 karmic	Fixed 2.13-8ubuntu1
	9.04 jaunty	Fixed 2.13-8ubuntu1
	8.10 intrepid	Fixed 2.13-8ubuntu1
	8.04 LTS hardy	Fixed 2.13-8ubuntu1
	7.10 gutsy	Fixed 2.13-8ubuntu1
	7.04 feisty	Fixed 2.12r-17ubuntu2.1
	6.10 edgy	Fixed 2.12r-11ubuntu2.1
	6.06 LTS dapper	Fixed 2.12r-4ubuntu6.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
loop-aes-utils	Vendor: http://www.debian.org/security/2008/dsa-1449

References

Related Ubuntu Security Notices (USN)

USN-533-1
util-linux vulnerability
22 October 2007

CVE-2007-5191

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references