Lucene search

[email protected]CVE-2007-0822

HistoryFeb 07, 2007 - 8:28 p.m.

CVE-2007-0822

2007-02-0720:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0822

umount

linux 2.6.15

slackware linux 10.2

null dereference

application crash

sensitive information

usb

pen drive

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents.

Affected configurations

NVD

Node

linuxlinux_kernelMatch2.6.15

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.15

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.15

References

archives.neohapsis.com/archives/fulldisclosure/2007-02/0012.html

gotfault.wordpress.com/2007/01/18/umount-bug/

osvdb.org/33652

www.mandriva.com/security/advisories?name=MDKSA-2007:053

www.securityfocus.com/bid/22850

www.securitytracker.com/id?1017729

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-0822

nessus1 nvd1 prion1 cvelist1 openvas2 redhatcve1 debiancve1