6.4

CVE-2007-3945

EPSS 0.75%
Veröffentlicht 23.07.2007 23:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rsbac ≫ Rule Set Based Access Control Version < 1.3.5

Linux ≫ Linux Kernel Version >= 2.6.0 <= 2.6.39.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.75%	0.722

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://download.rsbac.org/code/1.3.5/changes-1.3.5.txt

Vendor Advisory

http://secunia.com/advisories/26147

Broken Link

http://securityreason.com/securityalert/2911

Third Party Advisory

http://www.securityfocus.com/archive/1/474161/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/25001

Third Party Advisory

Broken Link

VDB Entry

http://www.vupen.com/english/advisories/2007/2610

URL Repurposed

https://nvd.nist.gov/vuln/detail/CVE-2007-3945

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3945

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3945

EUVD