#VU94800 Incorrect default permissions in Linux kernel - CVE-2007-4308

Vulnerability identifier: #VU94800

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2007-4308

CWE-ID: CWE-276

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform service disruption.

The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc2
https://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
https://lists.vmware.com/pipermail/security-announce/2008/000005.html
https://lkml.org/lkml/2007/7/23/195
https://secunia.com/advisories/26322
https://secunia.com/advisories/26643
https://secunia.com/advisories/26647
https://secunia.com/advisories/26651
https://secunia.com/advisories/27212
https://secunia.com/advisories/27322
https://secunia.com/advisories/27436
https://secunia.com/advisories/27747
https://secunia.com/advisories/27912
https://secunia.com/advisories/27913
https://secunia.com/advisories/28806
https://secunia.com/advisories/29032
https://secunia.com/advisories/29058
https://secunia.com/advisories/29570
https://secunia.com/advisories/33280
https://securitytracker.com/id?1019470
https://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
https://www.debian.org/security/2007/dsa-1363
https://www.debian.org/security/2008/dsa-1503
https://www.debian.org/security/2008/dsa-1504
https://www.mandriva.com/security/advisories?name=MDKSA-2007:195
https://www.mandriva.com/security/advisories?name=MDKSA-2007:196
https://www.redhat.com/support/errata/RHSA-2007-0939.html
https://www.redhat.com/support/errata/RHSA-2007-0940.html
https://www.redhat.com/support/errata/RHSA-2007-1049.html
https://www.redhat.com/support/errata/RHSA-2008-0787.html
https://www.securityfocus.com/archive/1/488457/100/0/threaded
https://www.securityfocus.com/bid/25216
https://www.ubuntu.com/usn/usn-508-1
https://www.ubuntu.com/usn/usn-509-1
https://www.ubuntu.com/usn/usn-510-1
https://www.vupen.com/english/advisories/2007/2786
https://www.vupen.com/english/advisories/2008/0637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8872

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.