Candidate: CVE-2007-3740 References: https://bugzilla.redhat.com/show_bug.cgi?id=253314 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3ce53fc4c57603d99c330a6ee2fe96d94f2d350f Description: The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. Ubuntu-Description: It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. jmm> from maks: jmm> 3ce53fc4c57603d99c330a6ee2fe96d94f2d350f v2.6.22-rc5 jmm> a8cd925f74c3b1b6d1192f9e75f9d12cc2ab148a v2.6.24-rc1 Notes: Bugs: upstream: released (2.6.22-rc5) [3ce53fc4c57603d99c330a6ee2fe96d94f2d350f] linux-2.6: released (2.6.22-1) 2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/cifs-honor-umask.patch] 2.6.8-sarge-security: released (2.6.8-17sarge1) [cifs-honor-umask.dpatch] 2.4.27-sarge-security: N/A 2.6.15-dapper-security: released (2.6.15-29.59) 2.6.17-edgy-security: released (2.6.17.1-12.41 79255d92e1277021fc1be8e72897fe6177ab9b67) 2.6.20-feisty-security: released (2.6.20-16.32 d01415424757d4573d6fb28e44858607dca80eaa)