VYPR
Unrated severityNVD Advisory· Published Mar 20, 2007· Updated Jun 16, 2026

CVE-2007-1507

CVE-2007-1507

Description

The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

22
  • Openafs/Openafs22 versions
    cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*+ 21 more
    • cpe:2.3:a:openafs:openafs:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.14:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.15:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:openafs:openafs:1.5.9:*:*:*:*:*:*:*
    • (no CPE)range: <1.4.4, <1.5.17

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.