CVE-2007-3740

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

Published: Sep 14, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3740
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.18-rc3	2.6.18-rc3.x
linux / linux_kernel	2.6.18-rc2	2.6.18-rc2.x
linux / linux_kernel	2.4.36.6	2.4.36.6.x
linux / linux_kernel	2.6.18-rc5	2.6.18-rc5.x
linux / linux_kernel	2.6.18-rc4	2.6.18-rc4.x
linux / linux_kernel	2.6.21.6	2.6.21.6.x
linux / linux_kernel	2.4.36.2	2.4.36.2.x
linux / linux_kernel	2.6.20.16	2.6.20.16.x
linux / linux_kernel	2.6.19.4	2.6.19.4.x
linux / linux_kernel	2.6.20.21	2.6.20.21.x
linux / linux_kernel	2.4.36.1	2.4.36.1.x
linux / linux_kernel	2.6.20.17	2.6.20.17.x
linux / linux_kernel	2.6.21.5	2.6.21.5.x
linux / linux_kernel	2.4.36.4	2.4.36.4.x
linux / linux_kernel	2.6.20.20	2.6.20.20.x
linux / linux_kernel	2.4.36.3	2.4.36.3.x
linux / linux_kernel	2.6.20.18	2.6.20.18.x
linux / linux_kernel	2.6.19.7	2.6.19.7.x
linux / linux_kernel	2.6.20.19	2.6.20.19.x
linux / linux_kernel	2.6.18-rc7	2.6.18-rc7.x
linux / linux_kernel	2.4.36	2.4.36.x
linux / linux_kernel	2.6.19.6	2.6.19.6.x
linux / linux_kernel	2.6.18-rc6	2.6.18-rc6.x
linux / linux_kernel	2.6.19.5	2.6.19.5.x
linux / linux_kernel	2.6.18	2.6.18.x
linux / linux_kernel	2.4.36.5	2.4.36.5.x
linux / linux_kernel	2.2.27	2.2.27.x
linux / linux_kernel	-	2.6.21.7.x
linux / linux_kernel	2.6.18-rc1	2.6.18-rc1.x
linux / linux_kernel	2.6	2.6.x

Vulnerability Database

CVE-2007-3740

Deep Security Visibility Without the Complexity