Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2007-4849 | First vendor Publication | 2007-09-12 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4849 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18649 | |||
Oval ID: | oval:org.mitre.oval:def:18649 | ||
Title: | DSA-1378-2 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities | ||
Description: | Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1378-2 CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573 CVE-2007-4849 | Version: | 9 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 fai-kernels user-mode-linux |
Definition Id: oval:org.mitre.oval:def:20370 | |||
Oval ID: | oval:org.mitre.oval:def:20370 | ||
Title: | DSA-1378-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities | ||
Description: | Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1378-1 CVE-2007-3731 CVE-2007-3739 CVE-2007-3740 CVE-2007-4573 CVE-2007-4849 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | linux-2.6 fai-kernels user-mode-linux |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-558-1 File : nvt/gb_ubuntu_USN_558_1.nasl |
2009-03-23 | Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-574-1 File : nvt/gb_ubuntu_USN_574_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1378-1 (linux-2.6) File : nvt/deb_1378_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1378-2 (linux-2.6) File : nvt/deb_1378_2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1381-1 (linux-2.6) File : nvt/deb_1381_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1381-2 (linux-2.6) File : nvt/deb_1381_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40564 | JFFS2 POSIX ACL Support Legacy Modes Local Information Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-02-05 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-574-1.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-558-1.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1378.nasl - Type : ACT_GATHER_INFO |
2007-10-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1381.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2023-11-07 21:47:55 | |
2021-05-04 12:06:24 | |
2021-04-22 01:06:56 | |
2020-05-23 00:20:27 | |
2016-04-26 16:35:32 | |
2014-02-17 10:41:45 | |
2013-05-11 10:36:20 | |