CVE-2007-3740
Published: 14 September 2007
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
From the Ubuntu Security Team
It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges.
Priority
Status
Package | Release | Status |
---|---|---|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.15-29.60)
|
upstream |
Needed
|
|
linux-source-2.6.17 Launchpad, Ubuntu, Debian |
edgy |
Released
(2.6.17.1-12.41)
|
upstream |
Needed
|
|
linux-source-2.6.20 Launchpad, Ubuntu, Debian |
feisty |
Released
(2.6.20-16.32)
|
upstream |
Needed
|
|
linux-source-2.6.22 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.6.22)
|