[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-3740Date: (C)2007-09-13   (M)2023-12-22


The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.4
Exploit Score: 3.4
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-25672
SECUNIA-26760
SECUNIA-26955
SECUNIA-26978
SECUNIA-27436
SECUNIA-27747
SECUNIA-27912
SECUNIA-28806
SECUNIA-29058
DSA-1378
DSA-1504
MDVSA-2008:008
MDVSA-2008:105
RHSA-2007:0705
RHSA-2007:0939
SUSE-SA:2007:064
SUSE-SA:2008:006
USN-518-1
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22
https://bugzilla.redhat.com/show_bug.cgi?id=253314
kernel-cifs-filesystem-dos(36593)
oval:org.mitre.oval:def:9953

CPE    21
cpe:/o:linux:linux_kernel:2.6.18
cpe:/o:linux:linux_kernel:2.6.20.19
cpe:/o:linux:linux_kernel:2.6.21.5
cpe:/o:linux:linux_kernel:2.6.21.6
...
CWE    1
CWE-264
OVAL    2
oval:org.mitre.oval:def:8130
oval:org.secpod.oval:def:301365

© SecPod Technologies