CVE-2007-1507 - Configuration vulnerability in OpenAFS
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.
Nessus
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRAKE_MDKSA-2007-066.NASL
  description: By default, OpenAFS prior to 1.44 and 1.5.17 supports setuid programs within the local cell, which could allow attackers to obtain privileges. Updated packages have been patched to address this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 24892
  published: 2007-03-26
  reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/24892
  title: Mandrake Linux Security Advisory : openafs (MDKSA-2007:066)
- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-200704-03.NASL
  description: The remote host is affected by the vulnerability described in GLSA-200704-03 (OpenAFS: Privilege escalation). Benjamin Bennett discovered that the OpenAFS client contains a design flaw where cache managers do not use authenticated server connections when performing actions not requested by a user.
  Impact: If setuid is enabled on the client cells, an attacker can supply a fake FetchStatus reply that sets setuid and root ownership of a file being executed. This could provide root access on the client. Remote attacks may be possible if an attacker can entice a user to execute a known file. Note that setuid is enabled by default in versions of OpenAFS prior to 1.4.4.
  Workaround: Disable the setuid functionality on all client cells. This is now the default configuration in OpenAFS.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 24936
  published: 2007-04-05
  reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/24936
  title: GLSA-200704-03 : OpenAFS: Privilege escalation
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-1271.NASL
  description: A design error has been identified in OpenAFS, a cross-platform distributed filesystem included with Debian. OpenAFS historically has enabled setuid filesystem support for the local cell. However, with its existing protocol, OpenAFS can only use encryption, and therefore integrity protection, if the user is authenticated. Unauthenticated access doesn
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 24880
  published: 2007-03-26
  reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/24880
  title: Debian DSA-1271-1 : openafs - design error
References
- http://secunia.com/advisories/24582
- http://secunia.com/advisories/24599
- http://secunia.com/advisories/24607
- http://secunia.com/advisories/24720
- http://security.gentoo.org/glsa/glsa-200704-03.xml
- http://www.debian.org/security/2007/dsa-1271
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:066
- http://www.openafs.org/pipermail/openafs-announce/2007/000185.html
- http://www.openafs.org/pipermail/openafs-announce/2007/000186.html
- http://www.openafs.org/pipermail/openafs-announce/2007/000187.html
- http://www.securityfocus.com/bid/23060
- http://www.securitytracker.com/id?1017807
- http://www.vupen.com/english/advisories/2007/1033
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33180