Rmake
by Rpath
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5194 | 0.00 | — | 0.00 | Oct 4, 2007 | The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges. | |||
| CVE-2007-0557 | 0.00 | — | 0.00 | Jan 29, 2007 | rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536. | |||
| CVE-2007-0536 | 0.00 | — | 0.00 | Jan 27, 2007 | The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges. |
- CVE-2007-5194Oct 4, 2007risk 0.00cvss —epss 0.00
The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.
- CVE-2007-0557Jan 29, 2007risk 0.00cvss —epss 0.00
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.
- CVE-2007-0536Jan 27, 2007risk 0.00cvss —epss 0.00
The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.