CVE-2007-3740

Advisory lineage Upstream: 0 Downstream: 5

Downstream

DSA-1378-1 DSA-1378-2 DSA-1504-1 RHSA-2007:0705 RHSA-2007:0939

Modified

Published: 14 Sept 2007, 01:00

Last modified:07 Aug 2024, 14:28

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.4 MEDIUM

v2.0 (nvd)

EPSS Score

0.12% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Sept 2007, 01:00

Published

Vulnerability first disclosed

07 Aug 2024, 14:28

Last Modified

Vulnerability information updated

Description

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

CVSS Metrics

v2.0•MEDIUM•Score: 4.4AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.12%• Percentile: 30%

Techniques & Countermeasures

CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

linux•linux_kernel
≤ 2.6.21.7 | 2.2.27 | 2.4.36 | 2.4.36.1 | 2.4.36.2 | 2.4.36.3 | 2.4.36.4 | 2.4.36.5 | 2.4.36.6 | 2.6 | 2.6.18 | 2.6.18:rc1 | 2.6.18:rc2 | 2.6.18:rc3 | 2.6.18:rc4 | 2.6.18:rc5 | 2.6.18:rc6 | 2.6.18:rc7 | 2.6.19.4 | 2.6.19.5 | 2.6.19.6 | 2.6.19.7 | 2.6.20.16 | 2.6.20.17 | 2.6.20.18 | 2.6.20.19 | 2.6.20.20 | 2.6.20.21 | 2.6.21.5 | 2.6.21.6