retire old issues

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@1517 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 24 insertions, 0 deletions

diff --git a/retired/CVE-2007-3843 b/retired/CVE-2007-3843
new file mode 100644
index 00000000..b86726fc
--- /dev/null
+++ b/retired/CVE-2007-3843
@@ -0,0 +1,24 @@
+Candidate: CVE-2007-3843
+References: 
+Description: 
+ The Linux kernel before 2.6.23-rc1 checks the wrong global variable
+ for the CIFS sec mount option, which might allow remote attackers to
+ spoof CIFS network traffic that the client configured for security
+ signatures, as demonstrated by lack of signing despite sec=ntlmv2i in
+ a SetupAndX request.
+Ubuntu-Description: 
+ A flaw was discovered in the CIFS mount security checking.  Remote attackers
+ could spoof CIFS network traffic, which could lead a client to trust the
+ connection.
+Notes: 
+Bugs: 
+upstream: released (2.6.23-rc1)
+linux-2.6: released (2.6.23-1)
+2.6.18-etch-security: released (2.6.18.dfsg.1-13etch2) [bugfix/cifs-fix-sign-settings.patch]
+2.6.24-etch-security: N/A
+2.6.26-lenny-security: N/A
+2.6.8-sarge-security: ignore (2.6.8-17sarge1) "code looks substantially different"
+2.4.27-sarge-security: N/A "No cifs in 2.4.27"
+2.6.15-dapper-security: ignored (code looks substantially different)
+2.6.17-edgy-security: ignored (EOL)
+2.6.20-feisty-security: released (2.6.20-16.31)