National Cyber-Alert System

Vulnerability Summary for CVE-2007-3740

Overview

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statements (disclaimer)

Official Statement from Red Hat (10/18/2007)

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: https://bugzilla.redhat.com/show_bug.cgi?id=253314

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=253314

External Source: XF

Name: kernel-cifs-filesystem-dos(36593)

Hyperlink:http://xforce.iss.net/xforce/xfdb/36593

External Source: UBUNTU

Name: USN-518-1

Hyperlink:http://www.ubuntu.com/usn/usn-518-1

External Source: BID

Name: 25672

Hyperlink:http://www.securityfocus.com/bid/25672

External Source: REDHAT

Name: RHSA-2007:0939

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0939.html

External Source: REDHAT

Name: RHSA-2007:0705

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0705.html

External Source: MANDRIVA

Name: MDVSA-2008:105

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:105

External Source: MANDRIVA

Name: MDVSA-2008:008

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:008

External Source: CONFIRM

Name: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

Hyperlink:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

External Source: DEBIAN

Name: DSA-1504

Hyperlink:http://www.debian.org/security/2008/dsa-1504

External Source: DEBIAN

Name: DSA-1378

Hyperlink:http://www.debian.org/security/2007/dsa-1378

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

External Source: SECUNIA

Name: 29058

Type: Advisory

Hyperlink:http://secunia.com/advisories/29058

External Source: SECUNIA

Name: 28806

Type: Advisory

Hyperlink:http://secunia.com/advisories/28806

External Source: SECUNIA

Name: 27912

Type: Advisory

Hyperlink:http://secunia.com/advisories/27912

External Source: SECUNIA

Name: 27747

Type: Advisory

Hyperlink:http://secunia.com/advisories/27747

External Source: SECUNIA

Name: 27436

Type: Advisory

Hyperlink:http://secunia.com/advisories/27436

External Source: SECUNIA

Name: 26978

Type: Advisory

Hyperlink:http://secunia.com/advisories/26978

External Source: SECUNIA

Name: 26955

Type: Advisory

Hyperlink:http://secunia.com/advisories/26955

External Source: SECUNIA

Name: 26760

Type: Advisory

Hyperlink:http://secunia.com/advisories/26760

External Source: OVAL

Name: oval:org.mitre.oval:def:9953

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9953

External Source: SUSE

Name: SUSE-SA:2008:006

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

External Source: SUSE

Name: SUSE-SA:2007:064

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

References to Check Content

Identifier:oval:org.mitre.oval:def:9953

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9953