CVE-2007-3740

medium
Description

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

References

http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

http://secunia.com/advisories/26760

http://secunia.com/advisories/26955

http://secunia.com/advisories/26978

http://secunia.com/advisories/27436

http://secunia.com/advisories/27747

http://secunia.com/advisories/27912

http://secunia.com/advisories/28806

http://secunia.com/advisories/29058

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

http://www.debian.org/security/2007/dsa-1378

http://www.debian.org/security/2008/dsa-1504

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

http://www.mandriva.com/security/advisories?name=MDVSA-2008:008

http://www.mandriva.com/security/advisories?name=MDVSA-2008:105

http://www.redhat.com/support/errata/RHSA-2007-0705.html

http://www.redhat.com/support/errata/RHSA-2007-0939.html

http://www.securityfocus.com/bid/25672

http://www.ubuntu.com/usn/usn-518-1

https://bugzilla.redhat.com/show_bug.cgi?id=253314

https://exchange.xforce.ibmcloud.com/vulnerabilities/36593

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9953

Details

Source: MITRE

Published: 2007-09-14

Updated: 2017-09-29

Type: CWE-264

Risk Information

CVSS v2

Base Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:2.2.27:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.36:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.36.1:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.36.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.36.3:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.36.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.36.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.4.36.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.18:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.18:rc2:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.18:rc3:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.18:rc4:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.18:rc5:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.18:rc6:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.18:rc7:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.19.4:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.19.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.19.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.19.7:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.20.16:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.20.17:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.20.18:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.20.19:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.20.20:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.20.21:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.21.5:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:2.6.21.6:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.21.7 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
67580 | Oracle Linux 4 : kernel (ELSA-2007-0939) | Nessus | Oracle Linux Local Security Checks | medium
67543 | Oracle Linux 5 : kernel (ELSA-2007-0705) | Nessus | Oracle Linux Local Security Checks | medium
60280 | Scientific Linux Security Update : kernel on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium
59125 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4745) | Nessus | SuSE Local Security Checks | high
43648 | CentOS 5 : kernel (CESA-2007:0705) | Nessus | CentOS Local Security Checks | medium
37953 | CentOS 4 : kernel (CESA-2007:0939) | Nessus | CentOS Local Security Checks | medium
37772 | Mandriva Linux Security Advisory : kernel (MDVSA-2008:105) | Nessus | Mandriva Local Security Checks | high
31148 | Debian DSA-1504-1 : kernel-source-2.6.8 - several vulnerabilities | Nessus | Debian Local Security Checks | high
30142 | openSUSE 10 Security Update : kernel (kernel-4929) | Nessus | SuSE Local Security Checks | high
29880 | openSUSE 10 Security Update : kernel (kernel-4752) | Nessus | SuSE Local Security Checks | high
29489 | SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 4741) | Nessus | SuSE Local Security Checks | high
28123 | Ubuntu 6.06 LTS / 6.10 / 7.04 : linux-source-2.6.15, linux-source-2.6.17, linux-source-2.6.20 vulnerabilities (USN-518-1) | Nessus | Ubuntu Local Security Checks | high
27616 | RHEL 4 : kernel (RHSA-2007:0939) | Nessus | Red Hat Local Security Checks | medium
26208 | Debian DSA-1378-2 : linux-2.6 - several vulnerabilities | Nessus | Debian Local Security Checks | high
26050 | RHEL 5 : kernel (RHSA-2007:0705) | Nessus | Red Hat Local Security Checks | medium
801439 | CentOS RHSA-2007-0939 Security Check | Log Correlation Engine | Generic | high
801434 | CentOS RHSA-2007-0705 Security Check | Log Correlation Engine | Generic | high