CVE-2007-3843 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-3843
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-3843

Description: The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-510-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html SAID Secunia Advisory: SA26760 Secunia Advisory: SA27436 Secunia Advisory: SA26366 Secunia Advisory: SA26647 Secunia Advisory: SA27747 Secunia Advisory: SA27912 Secunia Advisory: SA28806 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0939.html http://www.redhat.com/support/errata/RHSA-2007-0705.html DEBIAN http://www.debian.org/security/2007/dsa-1363 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1 http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595 BID 25244

Return to the previous page.