Home > Vulnerability Database > CVE-2007-3843

Mend.io Vulnerability Database

CVE-2007-3843

Date: August 9, 2007

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

Severity Score

3.7

Related Resources (22)

Url: http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

Url: https://access.redhat.com/security/cve/CVE-2007-3843

Url: http://www.securityfocus.com/bid/25244

Url: http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9670

Url: http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc1

Url: http://www.ubuntu.com/usn/usn-510-1

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3843

Url: http://www.debian.org/security/2007/dsa-1363

Url: http://secunia.com/advisories/28806

Url: http://secunia.com/advisories/27747

Url: http://secunia.com/advisories/26647

Url: http://secunia.com/advisories/27912

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-3843

Url: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

Url: http://secunia.com/advisories/26366

Url: http://www.redhat.com/support/errata/RHSA-2007-0939.html

Url: http://secunia.com/advisories/26760

Url: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246595

Url: http://www.redhat.com/support/errata/RHSA-2007-0705.html

Url: http://secunia.com/advisories/27436

Url: https://www.mend.io/vulnerability-database/CVE-2007-3843

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-3843

Date: August 9, 2007

Severity Score

Related Resources (22)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?