Vulnerability Name:

CVE-2007-5904 (CCN-38450)

Assigned:2007-11-08
Published:2007-11-08
Updated:2018-10-15
Summary:Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C)
5.0 Medium (Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-5904

Source: CCN
Type: Linux kernel GIT Repository
[CIFS] Fix buffer overflow if server sends corrupt response to small request

Source: CONFIRM
Type: UNKNOWN
http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commitdiff;h=133672efbc1085f9af990bdc145e1822ea93bcf3

Source: CCN
Type: Linux CIFS Client Web page
CIFS VFS

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:064

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:013

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:017

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:030

Source: CCN
Type: linux-kernel Mailing List, 2007-11-08 21:20:03
Buffer overflow in CIFS VFS.

Source: MLIST
Type: UNKNOWN
[linux-kernel] 20071108 Buffer overflow in CIFS VFS.

Source: CCN
Type: linux-kernel Mailing List, 2007-11-09 2:12:25
Re: Fw: Buffer overflow in CIFS VFS.

Source: MLIST
Type: UNKNOWN
[linux-kernel] 20071109 Re: Fw: Buffer overflow in CIFS VFS.

Source: CCN
Type: RHSA-2008-0089
Important: kernel security and bug fix update

Source: CCN
Type: RHSA-2008-0167
Moderate: kernel security and bug fix update

Source: CCN
Type: SA27666
Linux Kernel CIFS "SendReceive()" Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
27666

Source: SECUNIA
Type: UNKNOWN
27888

Source: SECUNIA
Type: UNKNOWN
27912

Source: SECUNIA
Type: UNKNOWN
28643

Source: SECUNIA
Type: UNKNOWN
28826

Source: SECUNIA
Type: UNKNOWN
29245

Source: SECUNIA
Type: UNKNOWN
29387

Source: SECUNIA
Type: UNKNOWN
29570

Source: SECUNIA
Type: UNKNOWN
30769

Source: SECUNIA
Type: UNKNOWN
30818

Source: CCN
Type: SECTRACK ID: 1019612
Linux Kernel Buffer Overflow in CIFS VFS May Let Remote Authenticated Users Execute Arbitrary Code

Source: CCN
Type: ASA-2008-165
kernel security and bug fix update (RHSA-2008-0167)

Source: CONFIRM
Type: UNKNOWN
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048

Source: DEBIAN
Type: UNKNOWN
DSA-1428

Source: DEBIAN
Type: DSA-1428
linux-2.6 -- several vulnerabilities

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:063

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0089

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0167

Source: BUGTRAQ
Type: UNKNOWN
20080208 rPSA-2008-0048-1 kernel

Source: BID
Type: UNKNOWN
26438

Source: CCN
Type: BID-26438
Linux Kernel CIFS Transport.C Remote Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1019612

Source: CCN
Type: USN-618-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-618-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-3860

Source: XF
Type: UNKNOWN
linux-kernel-cifsvfs-sendreceive-bo(38450)

Source: XF
Type: UNKNOWN
kernel-cifsvfs-sendreceive-bo(38450)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9901

Source: SUSE
Type: SUSE-SA:2007:063
Linux kernel security problems

Source: SUSE
Type: SUSE-SA:2007:064
Linux kernel security problems

Source: SUSE
Type: SUSE-SA:2008:013
Linux kernel security problem

Source: SUSE
Type: SUSE-SA:2008:017
Linux kernel security update

Source: SUSE
Type: SUSE-SA:2008:030
Linux kernel security update

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.6.23)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.19:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.21:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.20:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.23:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.15:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.14:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.17:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.18:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.22:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.2:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.10:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.11:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.13:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.3:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.4:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.5:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.6:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.7:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20075904
    V
    		CVE-2007-5904
    2015-11-16
    oval:org.mitre.oval:def:17771
    P
    		USN-618-1 -- linux-source-2.6.15/20/22 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:20179
    P
    		DSA-1428-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
    2014-06-23
    oval:org.mitre.oval:def:21882
    P
    		ELSA-2008:0089: kernel security and bug fix update (Important)
    2014-05-26
    oval:org.mitre.oval:def:9901
    V
    		Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
    2013-04-29
    oval:com.redhat.rhsa:def:20080089
    P
    		RHSA-2008:0089: kernel security and bug fix update (Important)
    2008-03-28
    oval:com.redhat.rhsa:def:20080167
    P
    		RHSA-2008:0167: kernel security and bug fix update (Moderate)
    2008-03-14
    oval:org.debian:def:1428
    V
    		several vulnerabilities
    2007-12-11
    BACK
    linux linux kernel *
    linux linux kernel 2.6.16
    linux linux kernel 2.6.19
    linux linux kernel 2.6.21
    linux linux kernel 2.6.20
    linux linux kernel 2.6.23
    linux linux kernel 2.6.15
    linux linux kernel 2.6.14
    linux linux kernel 2.6.17
    linux linux kernel 2.6.18
    linux linux kernel 2.6.22
    linux linux kernel 2.6.2
    linux linux kernel 2.6.0
    linux linux kernel 2.6.1
    linux linux kernel 2.6.10
    linux linux kernel 2.6.11
    linux linux kernel 2.6.12
    linux linux kernel 2.6.13
    linux linux kernel 2.6.3
    linux linux kernel 2.6.4
    linux linux kernel 2.6.5
    linux linux kernel 2.6.6
    linux linux kernel 2.6.7
    linux linux kernel 2.6.8
    linux linux kernel 2.6.9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell open enterprise server *
    canonical ubuntu 6.06
    suse suse linux 10.1
    suse linux enterprise server 9
    novell suse linux enterprise server 10 sp2
    redhat enterprise linux 5
    debian debian linux 4.0
    canonical ubuntu 7.04
    redhat enterprise linux 5
    canonical ubuntu 7.10
    redhat enterprise linux 4.6.z ga
    redhat enterprise linux 4.6.z ga
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3