PT-2007-1086 · Openafs · Openafs

Published: 2007-03-20 · Updated: 2017-07-29 · CVE-2007-1507

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: OpenAFS versions 1.4.x through 1.4.3; OpenAFS versions 1.5.x through 1.5.16
Description: The issue allows attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache. This might lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.
Recommendations: For OpenAFS versions 1.4.x through 1.4.3, update to version 1.4.4 or later. For OpenAFS versions 1.5.x through 1.5.16, update to version 1.5.17 or later.

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-09560
CVE-2007-1507
DSA-1271-1

Affected Products

Openafs