CVE-2007-3843

high

Description

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9670

http://www.ubuntu.com/usn/usn-510-1

http://www.securityfocus.com/bid/25244

http://www.redhat.com/support/errata/RHSA-2007-0939.html

http://www.redhat.com/support/errata/RHSA-2007-0705.html

http://www.debian.org/security/2007/dsa-1363

http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

http://secunia.com/advisories/28806

http://secunia.com/advisories/27912

http://secunia.com/advisories/27747

http://secunia.com/advisories/27436

http://secunia.com/advisories/26760

http://secunia.com/advisories/26647

http://secunia.com/advisories/26366

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595

Details

Source: Mitre, NVD

Published: 2007-08-09

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High