[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77982

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-5904

Date: (C)2007-11-09   (M)2017-10-04
 
CVSS Score: 6.8Access Vector: ADJACENT_NETWORK
Exploitability Subscore: 3.2Access Complexity: HIGH
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.

Reference:
SECTRACK-1019612
http://www.securityfocus.com/archive/1/archive/1/487808/100/0/threaded
BID-26438
SECUNIA-27666
SECUNIA-27888
SECUNIA-27912
SECUNIA-28643
SECUNIA-28826
SECUNIA-29245
SECUNIA-29387
SECUNIA-29570
SECUNIA-30769
SECUNIA-30818
ADV-2007-3860
DSA-1428
RHSA-2008:0089
RHSA-2008:0167
SUSE-SA:2007:063
SUSE-SA:2007:064
SUSE-SA:2008:013
SUSE-SA:2008:017
SUSE-SA:2008:030
USN-618-1
http://marc.info/?l=linux-kernel&m=119455843205403&w=2
http://marc.info/?l=linux-kernel&m=119457447724276&w=2
http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commitdiff;h=133672efbc1085f9af990bdc145e1822ea93bcf3
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048
kernel-cifsvfs-sendreceive-bo(38450)

CPE    1
cpe:/o:linux:linux_kernel:2.6.23
CWE    1
CWE-119

© 2013 SecPod Technologies