NVD脆弱性詳細

CVE-2007-3740

概要	The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
公表日	2007年9月14日10:17
登録日	2021年1月29日14:16
最終更新日	2017年9月29日10:29

CVSS2.0 : MEDIUM
スコア	4.4
ベクター	AV:L/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:o:linux:linux_kernel:2.2.27:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.1:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.18:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc6::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc7::::::
cpe:2.3:o:linux:linux_kernel:2.6.19.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.19.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.19.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.19.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.16:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.17:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.18:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.19:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.20:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.21:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.21.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.21.6:::::::*
cpe:2.3:o:linux:linux_kernel::::::::		2.6.21.7

関連情報、対策とツール

No	URL	refsource	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html	SUSE
2	http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html	SUSE
3	http://secunia.com/advisories/26760	SECUNIA	Vendor Advisory
4	http://secunia.com/advisories/26955	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/26978	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/27436	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/27747	SECUNIA	Vendor Advisory
8	http://secunia.com/advisories/27912	SECUNIA	Vendor Advisory
9	http://secunia.com/advisories/28806	SECUNIA	Vendor Advisory
10	http://secunia.com/advisories/29058	SECUNIA	Vendor Advisory
11	http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm	CONFIRM
12	http://www.debian.org/security/2007/dsa-1378	DEBIAN
13	http://www.debian.org/security/2008/dsa-1504	DEBIAN
14	http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22	CONFIRM
15	http://www.mandriva.com/security/advisories?name=MDVSA-2008:008	MANDRIVA
16	http://www.mandriva.com/security/advisories?name=MDVSA-2008:105	MANDRIVA
17	http://www.redhat.com/support/errata/RHSA-2007-0705.html	REDHAT
18	http://www.redhat.com/support/errata/RHSA-2007-0939.html	REDHAT
19	http://www.securityfocus.com/bid/25672	BID
20	http://www.ubuntu.com/usn/usn-518-1	UBUNTU
21	https://bugzilla.redhat.com/show_bug.cgi?id=253314	MISC
22	https://exchange.xforce.ibmcloud.com/vulnerabilities/36593	XF
23	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9953	OVAL

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

構成1	以上	以下	より上	未満
cpe:2.3:o:linux:linux_kernel:2.2.27:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.1:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.4.36.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.18:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.18:rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc2::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc3::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc4::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc5::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc6::::::
cpe:2.3:o:linux:linux_kernel:2.6.18:rc7::::::
cpe:2.3:o:linux:linux_kernel:2.6.19.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.19.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.19.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.19.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.16:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.17:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.18:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.19:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.20:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.20.21:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.21.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.21.6:::::::*
cpe:2.3:o:linux:linux_kernel::::::::		2.6.21.7