#VU95217 Memory corruption in Linux kernel - CVE-2007-5904
Vulnerability identifier: #VU95217
Vulnerability risk: Low
CVSSv4.0: 5.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commitdiff;h=133672efbc1085f9af990bdc145e1822ea93bcf3
https://lists.opensuse.org/opensuse-security-announce/2007-12/msg00001.html
https://lists.opensuse.org/opensuse-security-announce/2008-03/msg00002.html
https://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.html
https://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
https://marc.info/?l=linux-kernel&m=119455843205403&w=2
https://marc.info/?l=linux-kernel&m=119457447724276&w=2
https://secunia.com/advisories/27666
https://secunia.com/advisories/27888
https://secunia.com/advisories/27912
https://secunia.com/advisories/28643
https://secunia.com/advisories/28826
https://secunia.com/advisories/29245
https://secunia.com/advisories/29387
https://secunia.com/advisories/29570
https://secunia.com/advisories/30769
https://secunia.com/advisories/30818
https://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048
https://www.debian.org/security/2007/dsa-1428
https://www.novell.com/linux/security/advisories/2007_63_kernel.html
https://www.redhat.com/support/errata/RHSA-2008-0089.html
https://www.redhat.com/support/errata/RHSA-2008-0167.html
https://www.securityfocus.com/archive/1/487808/100/0/threaded
https://www.securityfocus.com/bid/26438
https://www.securitytracker.com/id?1019612
https://www.ubuntu.com/usn/usn-618-1
https://www.vupen.com/english/advisories/2007/3860
https://exchange.xforce.ibmcloud.com/vulnerabilities/38450
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9901
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
