CVE

CVE-2007-3843

Date: (C)2007-08-09   (M)2023-12-22

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

BID-25244

SECUNIA-26366

SECUNIA-26647

SECUNIA-26760

SECUNIA-27436

SECUNIA-27747

SECUNIA-27912

SECUNIA-28806

DSA-1363

RHSA-2007:0705

RHSA-2007:0939

SUSE-SA:2007:064

SUSE-SA:2008:006

USN-510-1

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595

http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

oval:org.mitre.oval:def:9670