CVE-2007-0536

Name of the Vulnerable Software and Affected Versions rPath Linux 1

Description The issue is related to the chroot helper in rMake, which does not drop supplemental groups. This causes packages to be installed with insecure permissions and might allow local users to gain privileges.

Recommendations For rPath Linux 1, consider updating the rMake package to a version that correctly drops supplemental groups, or apply a configuration change to ensure that packages are installed with secure permissions. As a temporary workaround, restrict the use of the chroot helper in rMake to minimize the risk of exploitation.