Lucene search

[email protected]CVE-2007-3931

HistoryJul 21, 2007 - 12:30 a.m.

CVE-2007-3931

2007-07-2100:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3931

samsung

scx-4200

driver

setuid

permissions

installation

script

vulnerability

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The wrap_setuid_third_party_application function in the installation script for the Samsung SCX-4200 Driver 2.00.95 adds setuid permissions to third party applications such as xsane and xscanimage, which allows local users to gain privileges.

Affected configurations

NVD

Node

samsungscx-4200_driverMatch2.00.95

CPENameOperatorVersion
samsung:scx-4200_driversamsung scx-4200 drivereq2.00.95

CPE	Name	Operator	Version
samsung:scx-4200_driver	samsung scx-4200 driver	eq	2.00.95

References

it.slashdot.org/it/07/07/18/0319203.shtml

linuxfr.org/forums/15/22562.html

osvdb.org/38214

secunia.com/advisories/26092

www.securityfocus.com/bid/24953

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-3931

nvd1 prion1 cvelist1