what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2007-3740

Status Candidate

Overview

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

Related Files

Mandriva Linux Security Advisory 2008-105
Posted May 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Denial of service, out of bounds, race condition, and various other vulnerabilities have been patched in the Linux 2.6 kernel.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3740, CVE-2007-3851, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2008-1375, CVE-2008-1669
MD5 | 3fa1ea0631b7512016f57ab83beef01d
dsa-1504.txt
Posted Feb 23, 2008
Site debian.org

Debian Security Advisory 1504 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2006-5823, CVE-2006-6054, CVE-2006-6058, CVE-2006-7203, CVE-2007-1353, CVE-2007-2172, CVE-2007-2525, CVE-2007-3105, CVE-2007-3739, CVE-2007-3740, CVE-2007-3848, CVE-2007-4133, CVE-2007-4308, CVE-2007-4573, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206
MD5 | 6a98ca94c7306d808a8fbc6c05d02834
Mandriva Linux Security Advisory 2008-008
Posted Jan 12, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A ridiculous amount of vulnerabilities have been addressed in the Linux 2.6 kernel for Mandriva.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3740, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2006-6058, CVE-2007-6063
MD5 | 6981f616aa601a5ffceca2809f7d423b
Debian Linux Security Advisory 1378-2
Posted Sep 30, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1378-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849
MD5 | 04adbac7175324943e6ca6d65e6bbeae
Debian Linux Security Advisory 1378-1
Posted Sep 28, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1378-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Evan Teran discovered a potential local denial of service (oops) in the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests. Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavor. Michael Stone reported an issue with the JFFS2 filesystem. Legacy modes for inodes that were created with POSIX ACL support enabled were not being written out to the medium, resulting in incorrect permissions upon remount.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian, osx
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849
MD5 | 5e6dd1cd0082c7a2a3959335b7ea1e1b
Ubuntu Security Notice 518-1
Posted Sep 26, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 518-1 - Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573
MD5 | b5d8988fb105e46c3ff6fc28098e12ca
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close