Lucene search

[email protected]CVE-2007-3945

HistoryJul 23, 2007 - 11:30 p.m.

CVE-2007-3945

2007-07-2323:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3945

rsbac

linux kernel

crypto api

authentication

user management

bypass

vectors

security vulnerability

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.

Affected configurations

NVD

Node

rsbacrule_set_based_access_controlRange<1.3.5

AND

linuxlinux_kernelRange2.6.0–2.6.39.4

CPENameOperatorVersion
rsbac:rule_set_based_access_controlrsbac rule set based access controllt1.3.5

CPE	Name	Operator	Version
rsbac:rule_set_based_access_control	rsbac rule set based access control	lt	1.3.5

References

download.rsbac.org/code/1.3.5/changes-1.3.5.txt

secunia.com/advisories/26147

securityreason.com/securityalert/2911

www.securityfocus.com/archive/1/474161/100/0/threaded

www.securityfocus.com/bid/25001

www.vupen.com/english/advisories/2007/2610

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.9%

JSON

Related for CVE-2007-3945

nvd1 cvelist1 prion1