Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2007-5904
Last Modified 07 Mar 2011 10:01:29
Published 09 Nov 2007 01:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2007-5904

Summary

Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6.23


References

XF - kernel-cifsvfs-sendreceive-bo(38450)

VUPEN - ADV-2007-3860

UBUNTU - USN-618-1

BID - 26438

REDHAT - RHSA-2008:0089

SUSE - SUSE-SA:2007:063

DEBIAN - DSA-1428

SECUNIA - 30818

SECUNIA - 30769

SECUNIA - 27912

SECUNIA - 27888

SECUNIA - 27666

MLIST - [linux-kernel] 20071109 Re: Fw: Buffer overflow in CIFS VFS.

MLIST - [linux-kernel] 20071108 Buffer overflow in CIFS VFS.

SUSE - SUSE-SA:2008:030

SUSE - SUSE-SA:2007:064

SECTRACK - 1019612

BUGTRAQ - 20080208 rPSA-2008-0048-1 kernel

REDHAT - RHSA-2008:0167

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048

SECUNIA - 29570

SECUNIA - 29387

SECUNIA - 29245

SECUNIA - 28826

SECUNIA - 28643

SUSE - SUSE-SA:2008:017

SUSE - SUSE-SA:2008:013

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commitdiff;h=133672efbc1085f9af990bdc145e1822ea93bcf3


Last Updated: 27 May 2016 10:46:18