what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2007-3740

Status Candidate

Overview

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

Related Files

Mandriva Linux Security Advisory 2008-105
Posted May 22, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Denial of service, out of bounds, race condition, and various other vulnerabilities have been patched in the Linux 2.6 kernel.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3740, CVE-2007-3851, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2008-1375, CVE-2008-1669
SHA-256 | b348d7056d7c7999326caf977e83f0e7f35795711a865d85e90ae265f9a90eb3
dsa-1504.txt
Posted Feb 23, 2008
Site debian.org

Debian Security Advisory 1504 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2006-5823, CVE-2006-6054, CVE-2006-6058, CVE-2006-7203, CVE-2007-1353, CVE-2007-2172, CVE-2007-2525, CVE-2007-3105, CVE-2007-3739, CVE-2007-3740, CVE-2007-3848, CVE-2007-4133, CVE-2007-4308, CVE-2007-4573, CVE-2007-5093, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206
SHA-256 | d9234e89f15889ca0ed30e9932d41bab7de4afb38fb3aa7aca4a51d6e95b9ab4
Mandriva Linux Security Advisory 2008-008
Posted Jan 12, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A ridiculous amount of vulnerabilities have been addressed in the Linux 2.6 kernel for Mandriva.

tags | advisory, kernel, vulnerability
systems | linux, mandriva
advisories | CVE-2007-3740, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2006-6058, CVE-2007-6063
SHA-256 | 273dd41aecd87f51b63ff47cc5aa3196118b5111297e3b63b32036740b57e3ce
Debian Linux Security Advisory 1378-2
Posted Sep 30, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1378-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849
SHA-256 | 0605e3e63d0b2b1a9ed33c2af397d4bac98e7c643acc8edde998a2b4b02aa190
Debian Linux Security Advisory 1378-1
Posted Sep 28, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1378-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Evan Teran discovered a potential local denial of service (oops) in the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests. Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavor. Michael Stone reported an issue with the JFFS2 filesystem. Legacy modes for inodes that were created with POSIX ACL support enabled were not being written out to the medium, resulting in incorrect permissions upon remount.

tags | advisory, remote, denial of service, arbitrary, kernel, local, vulnerability
systems | linux, debian, osx
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849
SHA-256 | a56c85f0ecdf3e651d2434a366021bc2c8d68d25429c3ec3ac903a06e6f3497b
Ubuntu Security Notice 518-1
Posted Sep 26, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 518-1 - Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573
SHA-256 | 707a8324e923c3b666125afd73e3124c380a5372e1844659bbf9ed0082e9b4cf
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close