Lucene search

[email protected]CVE-2007-4308

HistoryAug 13, 2007 - 9:17 p.m.

CVE-2007-4308

2007-08-1321:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-4308

linux kernel

aacraid

scsi layer

ioctl

permission vulnerability

denial of service

privilege escalation

5.2 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.3%

JSON

The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.

CPENameOperatorVersion
adaptec:aacraid_controlleradaptec aacraid controllereq*

CPE	Name	Operator	Version
adaptec:aacraid_controller	adaptec aacraid controller	eq	*

References

kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc2

lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html

lists.vmware.com/pipermail/security-announce/2008/000005.html

lkml.org/lkml/2007/7/23/195

secunia.com/advisories/26322

secunia.com/advisories/26643

secunia.com/advisories/26647

secunia.com/advisories/26651

secunia.com/advisories/27212

secunia.com/advisories/27322

secunia.com/advisories/27436

secunia.com/advisories/27747

secunia.com/advisories/27912

secunia.com/advisories/27913

secunia.com/advisories/28806

secunia.com/advisories/29032

secunia.com/advisories/29058

secunia.com/advisories/29570

secunia.com/advisories/33280

securitytracker.com/id?1019470

support.avaya.com/elmodocs2/security/ASA-2007-474.htm

www.debian.org/security/2007/dsa-1363

www.debian.org/security/2008/dsa-1503

www.debian.org/security/2008/dsa-1504

www.mandriva.com/security/advisories?name=MDKSA-2007:195

www.mandriva.com/security/advisories?name=MDKSA-2007:196

www.redhat.com/support/errata/RHSA-2007-0939.html

www.redhat.com/support/errata/RHSA-2007-0940.html

www.redhat.com/support/errata/RHSA-2007-1049.html

www.redhat.com/support/errata/RHSA-2008-0787.html

www.securityfocus.com/archive/1/488457/100/0/threaded

www.securityfocus.com/bid/25216

www.ubuntu.com/usn/usn-508-1

www.ubuntu.com/usn/usn-509-1

www.ubuntu.com/usn/usn-510-1

www.vupen.com/english/advisories/2007/2786

www.vupen.com/english/advisories/2008/0637

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8872

5.2 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2007-4308

prion1 securityvulns1 veracode1 ubuntucve1 nessus25 vmware2 openvas35 suse3 debian4 osv4 centos4 oraclelinux3 redhat5 ubuntu3