CVE-2007-3740

Linux Kernel < 2.6.21.7 - Access Control

Title source: rule

Description

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

References (23)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

[Vendor Advisory] http://secunia.com/advisories/26760

[Vendor Advisory] http://secunia.com/advisories/26955

[Vendor Advisory] http://secunia.com/advisories/26978

[Vendor Advisory] http://secunia.com/advisories/27436

[Vendor Advisory] http://secunia.com/advisories/27747

[Vendor Advisory] http://secunia.com/advisories/27912

[Vendor Advisory] http://secunia.com/advisories/28806

[Vendor Advisory] http://secunia.com/advisories/29058

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

[Vendor Advisory] http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:008

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:105

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0705.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-0939.html

[Vendor Advisory] http://www.ubuntu.com/usn/usn-518-1

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=253314

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36593

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25672

... and 3 more

Scores

EPSS 0.0011

EPSS Percentile 29.3%

Classification

CWE

CWE-264

Status draft

Affected Products (30)

linux/linux_kernel < 2.6.21.7

linux/linux_kernel

... and 15 more

Timeline

Published Sep 14, 2007

Tracked Since Feb 18, 2026