Security readout for executives and security teams
This is a legacy rPath Linux issue where a system log file for failed login attempts could be left too readable. Local users may learn sensitive authentication-attempt details. The same bad permissions can also cause sshd to skip logging some failed remote login attempts, weakening detection. Exposure appears limited to legacy rPath Linux 1 systems using the affected initscripts. Risk is highest where untrusted local users have shell access, or where SSH brute-force monitoring depends on complete failed-login records. Treat this as a targeted cleanup item for legacy Linux assets. It is not a broad internet-facing remote code execution issue, but it can reduce visibility into SSH attacks and expose authentication-attempt details to local users. Mitigation focus: Review rPath advisory RPL-1825 and related initscripts advisories.; Apply vendor-published initscripts updates if available for the affected system.; Restrict local shell access on any legacy rPath Linux 1 hosts..
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2007-5686 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- https://issues.rpath.com/browse/RPL-1825CVE reference · x_refsource_CONFIRM
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
