Unrated severity · NVD Advisory · Published Mar 20, 2007 · Updated Apr 23, 2026
CVE-2007-1507
Description
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
Affected products
- cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:openafs:openafs:1.5.9:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.openafs.org/pipermail/openafs-announce/2007/000186.html (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/24582 (nvd: Vendor Advisory)
- secunia.com/advisories/24599 (nvd: Vendor Advisory)
- secunia.com/advisories/24607 (nvd: Vendor Advisory)
- www.debian.org/security/2007/dsa-1271 (nvd: Vendor Advisory)
- www.openafs.org/pipermail/openafs-announce/2007/000185.html (nvd: Vendor Advisory)
- www.vupen.com/english/advisories/2007/1033 (nvd: Vendor Advisory)
- secunia.com/advisories/24720 (nvd)
- security.gentoo.org/glsa/glsa-200704-03.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openafs.org/pipermail/openafs-announce/2007/000187.html (nvd)
- www.securityfocus.com/bid/23060 (nvd)
- www.securitytracker.com/id (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/33180 (nvd)