CVE-2007-0005

Linux kernel < 2.6.21-rc3 - Buffer Overflow in Omnikey CardMan 4040 Driver

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0005. PoCs published by Daniel Roethlisberger.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Linux Omnikey Cardman 4040 driver by writing a large buffer to /dev/cmx0. The payload is a simple pattern designed to trigger the overflow without executing arbitrary code.

Description

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Daniel Roethlisberger · cdoslinux

https://www.exploit-db.com/exploits/3441

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the Linux Omnikey Cardman 4040 driver by writing a large buffer to /dev/cmx0. The payload is a simple pattern designed to trigger the overflow without executing arbitrary code.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux Omnikey Cardman 4040 driver

No auth needed

Prerequisites: Access to /dev/cmx0 device file

MITRE ATT&CK

T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (24)

Core 24

Core References

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1286

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-0099.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24901

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2007:078

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/33023

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/462300/100/0/threaded

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24777

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24436

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/0872

Patch, Vendor Advisory x_refsource_confirm

http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc3

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-489-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24518

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11238

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/471457

Mailing List vendor-advisory x_refsource_fedora

http://fedoranews.org/cms/node/2787

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-1035

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25078

Mailing List vendor-advisory x_refsource_fedora

http://fedoranews.org/cms/node/2788

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/32880

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22870

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-486-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25691

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26139

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26133

Scores

EPSS 0.0062

EPSS Percentile 44.7%

Details

CWE

CWE-119

Status published

Products (1)

omnikey.aaitg/omnikey_cardman_4040

Published Mar 10, 2007

Tracked Since Feb 18, 2026