CVE-2007-3843

CIFS signing sec= mount options don't work correctly

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

El kernel Linux versiones anteriores a 2.6.23-rc1 comprueba la variable global errónea para la opción de montado CIFS sec, lo cual podría permitir a atacantes remotos falsificar tráfico de red CIFS que el cliente configuró para firmas de seguridad, como se demuestra por una falta de firmado a pesar de indicar sec=ntlmv2i en una petición SetupAndX.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-18 CVE Reserved
2007-08-09 CVE Published
2024-08-07 CVE Updated
2024-10-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (20)

URL	Tag	Source
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595	X_refsource_confirm
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1	X_refsource_confirm
http://secunia.com/advisories/26366	Third Party Advisory
http://secunia.com/advisories/26647	Third Party Advisory
http://secunia.com/advisories/26760	Third Party Advisory
http://secunia.com/advisories/27436	Third Party Advisory
http://secunia.com/advisories/27747	Third Party Advisory
http://secunia.com/advisories/27912	Third Party Advisory
http://secunia.com/advisories/28806	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm	X_refsource_confirm
http://www.securityfocus.com/bid/25244	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9670	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html	2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html	2017-09-29
http://www.debian.org/security/2007/dsa-1363	2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-0705.html	2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-0939.html	2017-09-29
http://www.ubuntu.com/usn/usn-510-1	2017-09-29
https://access.redhat.com/security/cve/CVE-2007-3843	2007-11-01
https://bugzilla.redhat.com/show_bug.cgi?id=275901	2007-11-01

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 2.6.22 Search vendor "Linux" for product "Linux Kernel" and version " <= 2.6.22"		rc6		Affected