blob: 7d7f395a4cbdc58b205092facab32cc0456fc2c4 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Candidate: CVE-2007-3740
References:
https://bugzilla.redhat.com/show_bug.cgi?id=253314
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3ce53fc4c57603d99c330a6ee2fe96d94f2d350f
Description:
The CIFS filesystem, when Unix extension support is enabled, does
not honor the umask of a process, which allows local users to gain
privileges.
Ubuntu-Description:
It was discovered that certain CIFS filesystem actions did not honor the
umask of a process. Local attackers could exploit this to gain additional
privileges.
jmm> from maks:
jmm> 3ce53fc4c57603d99c330a6ee2fe96d94f2d350f v2.6.22-rc5
jmm> a8cd925f74c3b1b6d1192f9e75f9d12cc2ab148a v2.6.24-rc1
Notes:
Bugs:
upstream: released (2.6.22-rc5) [3ce53fc4c57603d99c330a6ee2fe96d94f2d350f]
linux-2.6: released (2.6.22-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch3) [bugfix/cifs-honor-umask.patch]
2.6.8-sarge-security: released (2.6.8-17sarge1) [cifs-honor-umask.dpatch]
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-29.59)
2.6.17-edgy-security: released (2.6.17.1-12.41 79255d92e1277021fc1be8e72897fe6177ab9b67)
2.6.20-feisty-security: released (2.6.20-16.32 d01415424757d4573d6fb28e44858607dca80eaa)
|
