Your submission was sent successfully! Close

CVE-2007-3740

Published: 14 September 2007

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

From the Ubuntu security team

It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges.

Priority

Medium

Status

Package Release Status
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-29.60)
upstream Needed

linux-source-2.6.17
Launchpad, Ubuntu, Debian
edgy
Released (2.6.17.1-12.41)
upstream Needed

linux-source-2.6.20
Launchpad, Ubuntu, Debian
feisty
Released (2.6.20-16.32)
upstream Needed

linux-source-2.6.22
Launchpad, Ubuntu, Debian
upstream
Released (2.6.22)