CVE-2007-3843 — Vulnetix

Try Vulnetix Request Demo

CVE-2007-3843 PUBLISHED CVSS 4.300000190734863 MEDIUM

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

EPSS 1.98% · 83.5th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

1.98%

83.5th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
linux	linux_kernel	0

Timeline

Aug 9, 2007 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

oval:org.mitre.oval:def:9670 vdb
27747 third-party-advisory
28806 third-party-advisory
DSA-1363 vendor-advisory
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1 url
RHSA-2007:0939 vendor-advisory
USN-510-1 vendor-advisory
25244 vdb
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm url
26647 third-party-advisory
27912 third-party-advisory
26760 third-party-advisory
RHSA-2007:0705 vendor-advisory
26366 third-party-advisory
SUSE-SA:2007:064 vendor-advisory
SUSE-SA:2008:006 vendor-advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595 url
27436 third-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2007-3843 advisory

Open in Interactive Console →