Lucene search

K

[email protected]NVD:CVE-2007-3843

HistoryAug 09, 2007 - 9:17 p.m.

CVE-2007-3843

2007-08-0921:17:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.02

Percentile

89.1%

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

Affected configurations

NVD

Node

linuxlinux_kernelRange≤2.6.22rc6

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595

kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1

lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

secunia.com/advisories/26366

secunia.com/advisories/26647

secunia.com/advisories/26760

secunia.com/advisories/27436

secunia.com/advisories/27747

secunia.com/advisories/27912

secunia.com/advisories/28806

support.avaya.com/elmodocs2/security/ASA-2007-474.htm

www.debian.org/security/2007/dsa-1363

www.redhat.com/support/errata/RHSA-2007-0705.html

www.redhat.com/support/errata/RHSA-2007-0939.html

www.securityfocus.com/bid/25244

www.ubuntu.com/usn/usn-510-1

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9670

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.02

Percentile

89.1%

Related for NVD:CVE-2007-3843

ubuntucve1 veracode1 cvelist1 cve1 f52 prion1 nessus15 openvas6 debian1 oraclelinux3 osv1 redhat2 suse2 centos2 ubuntu1