CVE-2007-6328 - Vulnerability Details - OpenCVE

DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00115.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:dosbox:dosbox:*:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Dosbox Subscribe	Dosbox Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://aluigi.org/poc/dosboxxx.zip
http://osvdb.org/44766
http://securityreason.com/securityalert/3442
http://www.securityfocus.com/archive/1/484835/100/0/threaded
http://www.securityfocus.com/bid/26802
http://www.vupen.com/english/advisories/2007/4170
https://exchange.xforce.ibmcloud.com/vulnerabilities/38970
https://www.cve.org/CVERecord?id=CVE-2007-6328

History

Wed, 28 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2007-6328

Thu, 22 May 2025 04:30:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2007-6328 https://www.cve.org/CVERecord?id=CVE-2007-6328

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-13T19:00:00

Updated: 2024-08-07T16:02:36.752Z

Reserved: 2007-12-13T00:00:00

Link: CVE-2007-6328

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-12-13T19:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6328

Redhat

Severity :

Publid Date: 2007-12-10T00:00:00Z

Links: CVE-2007-6328 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20071210 Filesystem access in DOSBox 0.72", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484835/100/0/threaded"}, {"name": "ADV-2007-4170", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4170"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.org/poc/dosboxxx.zip"}, {"name": "dosbox-mount-unauthorized-access(38970)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38970"}, {"name": "26802", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26802"}, {"name": "3442", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3442"}, {"name": "44766", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/44766"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20071210 Filesystem access in DOSBox 0.72", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484835/100/0/threaded"}, {"name": "ADV-2007-4170", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4170"}, {"name": "http://aluigi.org/poc/dosboxxx.zip", "refsource": "MISC", "url": "http://aluigi.org/poc/dosboxxx.zip"}, {"name": "dosbox-mount-unauthorized-access(38970)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38970"}, {"name": "26802", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26802"}, {"name": "3442", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3442"}, {"name": "44766", "refsource": "OSVDB", "url": "http://osvdb.org/44766"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:36.752Z"}, "title": "CVE Program Container", "references": [{"name": "20071210 Filesystem access in DOSBox 0.72", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484835/100/0/threaded"}, {"name": "ADV-2007-4170", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/4170"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.org/poc/dosboxxx.zip"}, {"name": "dosbox-mount-unauthorized-access(38970)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38970"}, {"name": "26802", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26802"}, {"name": "3442", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3442"}, {"name": "44766", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/44766"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6328", "datePublished": "2007-12-13T19:00:00", "dateReserved": "2007-12-13T00:00:00", "dateUpdated": "2024-08-07T16:02:36.752Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dosbox:dosbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "159B1A8C-3B47-4EBB-8C20-46AD5E3D220D", "versionEndIncluding": "0.72", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem"}, {"lang": "es", "value": "** IMPUGNADA ** DOSBox 0.72 y anteriores permite a usuarios locales obtener acceso al sistema de ficheros del sistema operativo de la m\u00e1quina mediante el comando mount. NOTA: el investigador aporta una respuesta del fabricante afirmando que este no es un problema de seguridad."}], "id": "CVE-2007-6328", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-13T19:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://aluigi.org/poc/dosboxxx.zip"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/44766"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3442"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484835/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26802"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/4170"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aluigi.org/poc/dosboxxx.zip"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/44766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484835/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/4170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38970"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}