4.3

CVE-2007-3843

EPSS 2.04%
Veröffentlicht 09.08.2007 21:17:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 21

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Updaterc6 Version <= 2.6.22

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.04%	0.831

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/27436

http://secunia.com/advisories/27747

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

http://www.redhat.com/support/errata/RHSA-2007-0939.html

http://secunia.com/advisories/26760

http://www.redhat.com/support/errata/RHSA-2007-0705.html

http://secunia.com/advisories/26647

http://www.debian.org/security/2007/dsa-1363

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

http://secunia.com/advisories/28806

http://www.ubuntu.com/usn/usn-510-1

http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

http://secunia.com/advisories/27912

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595

http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1

http://secunia.com/advisories/26366

http://www.securityfocus.com/bid/25244

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9670

https://nvd.nist.gov/vuln/detail/CVE-2007-3843

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3843

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3843

EUVD