Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:9953

Version

Class

vulnerability

ALTXid

1636

Language

English

Severity

NotAvailable

Title

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

Description

The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

Family

unix

Platform

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2010-07-09T03:56:16-04:00 : submitted
  - SCAP.com, LLC Aharon Chernin
- 2010-07-28T14:19:36.571-04:00 : status_change DRAFT
- 2010-08-16T04:15:08.852-04:00 : status_change INTERIM
- 2010-09-06T04:16:17.310-04:00 : status_change ACCEPTED
- 2013-04-10T17:36:00.135-04:00 : modified EDITED oval:org.mitre.oval:def:9953 - Expanded the vulnerability checks for RHEL 3, 4, and 5 to cover CentOS 3, 4, 5 and Oracle Linux 4 and 5
  - G2, Inc. Dragos Prisaca
- 2013-04-10T17:40:12.405-04:00 : status_change INTERIM
- 2013-04-29T04:23:36.089-04:00 : status_change ACCEPTED

Reference

CVE: CVE-2007-3740

Criteria

Expand All

Collapse All

AND

OS Section: RHEL4, CentOS4, Oracle Linux 4

OR	RHEL4, CentOS4 or Oracle Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11831) The operating system installed on the system is Red Hat Enterprise Linux 4

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16636) CentOS Linux 4.x
EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15990) Oracle Linux 4.x

OR	Configuration section

CRITERION kernel-xenU is earlier than 0:2.6.9-55.0.12.EL
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34864) version=1, comment=kernel-xenU is earlier than 0:2.6.9-55.0.12.EL, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14301)
    name kernel-xenU
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
    evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL
CRITERION kernel-hugemem is earlier than 0:2.6.9-55.0.12.EL
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35017) check=at least one, check_existence=at_least_one_exists, comment=kernel-hugemem is earlier than 0:2.6.9-55.0.12.EL, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14362)
    name kernel-hugemem
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
    evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL

CRITERION

kernel-hugemem-devel is earlier than 0:2.6.9-55.0.12.EL

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35145) version=1, comment=kernel-hugemem-devel is earlier than 0:2.6.9-55.0.12.EL, check_existence=at_least_one_exists, check=at least one

rpminfo_object (ID = oval:org.mitre.oval:obj:13719)
name kernel-hugemem-devel
rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL

CRITERION

kernel-xenU-devel is earlier than 0:2.6.9-55.0.12.EL

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34442) version=1, comment=kernel-xenU-devel is earlier than 0:2.6.9-55.0.12.EL, check_existence=at_least_one_exists, check=at least one

rpminfo_object (ID = oval:org.mitre.oval:obj:14060)
name kernel-xenU-devel
rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL

CRITERION kernel-smp-devel is earlier than 0:2.6.9-55.0.12.EL
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35258) version=1, comment=kernel-smp-devel is earlier than 0:2.6.9-55.0.12.EL, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14109)
    name kernel-smp-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
    evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL

CRITERION

kernel-largesmp-devel is earlier than 0:2.6.9-55.0.12.EL

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35254) version=1, comment=kernel-largesmp-devel is earlier than 0:2.6.9-55.0.12.EL, check_existence=at_least_one_exists, check=at least one

rpminfo_object (ID = oval:org.mitre.oval:obj:14209)
name kernel-largesmp-devel
rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL

CRITERION kernel is earlier than 0:2.6.9-55.0.12.EL
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35373) check=at least one, check_existence=at_least_one_exists, comment=kernel is earlier than 0:2.6.9-55.0.12.EL, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14285)
    name kernel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
    evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL
CRITERION kernel-devel is earlier than 0:2.6.9-55.0.12.EL
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34480) check=at least one, check_existence=at_least_one_exists, comment=kernel-devel is earlier than 0:2.6.9-55.0.12.EL, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13732)
    name kernel-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
    evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL
CRITERION kernel-doc is earlier than 0:2.6.9-55.0.12.EL
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34911) check=at least one, check_existence=at_least_one_exists, comment=kernel-doc is earlier than 0:2.6.9-55.0.12.EL, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13422)
    name kernel-doc
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
    evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL
CRITERION kernel-largesmp is earlier than 0:2.6.9-55.0.12.EL
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34923) version=1, comment=kernel-largesmp is earlier than 0:2.6.9-55.0.12.EL, check_existence=at_least_one_exists, check=at least one
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14138)
    name kernel-largesmp
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
    evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL
CRITERION kernel-smp is earlier than 0:2.6.9-55.0.12.EL
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:35327) check=at least one, check_existence=at_least_one_exists, comment=kernel-smp is earlier than 0:2.6.9-55.0.12.EL, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14265)
    name kernel-smp
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10629)
    evr datatype=evr_string | operation=less than | value=0:2.6.9-55.0.12.EL

AND

OS Section: RHEL5, CentOS5, Oracle Linux 5

OR	RHEL5, CentOS5 or Oracle Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:11414) The operating system installed on the system is Red Hat Enterprise Linux 5

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15802) The operating system installed on the system is CentOS Linux 5.x

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:15459) Oracle Linux 5.x

OR	Configuration section

CRITERION kernel-kdump is earlier than 0:2.6.18-8.1.10.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34804) check=at least one, check_existence=at_least_one_exists, comment=kernel-kdump is earlier than 0:2.6.18-8.1.10.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14801)
    name kernel-kdump
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
    evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5
CRITERION kernel-xen is earlier than 0:2.6.18-8.1.10.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34557) check=at least one, check_existence=at_least_one_exists, comment=kernel-xen is earlier than 0:2.6.18-8.1.10.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14710)
    name kernel-xen
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
    evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5
CRITERION kernel-headers is earlier than 0:2.6.18-8.1.10.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34837) check=at least one, check_existence=at_least_one_exists, comment=kernel-headers is earlier than 0:2.6.18-8.1.10.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14830)
    name kernel-headers
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
    evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5

CRITERION

kernel-kdump-devel is earlier than 0:2.6.18-8.1.10.el5

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34795) check=at least one, check_existence=at_least_one_exists, comment=kernel-kdump-devel is earlier than 0:2.6.18-8.1.10.el5, version=2

rpminfo_object (ID = oval:org.mitre.oval:obj:14761)
name kernel-kdump-devel
rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5

CRITERION

kernel-xen-devel is earlier than 0:2.6.18-8.1.10.el5

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34562) check=at least one, check_existence=at_least_one_exists, comment=kernel-xen-devel is earlier than 0:2.6.18-8.1.10.el5, version=2

rpminfo_object (ID = oval:org.mitre.oval:obj:14821)
name kernel-xen-devel
rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5

CRITERION kernel is earlier than 0:2.6.18-8.1.10.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34357) check=at least one, check_existence=at_least_one_exists, comment=kernel is earlier than 0:2.6.18-8.1.10.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14285)
    name kernel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
    evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5

CRITERION

kernel-PAE-devel is earlier than 0:2.6.18-8.1.10.el5

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34379) check=at least one, check_existence=at_least_one_exists, comment=kernel-PAE-devel is earlier than 0:2.6.18-8.1.10.el5, version=2

rpminfo_object (ID = oval:org.mitre.oval:obj:14863)
name kernel-PAE-devel
rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5

CRITERION kernel-devel is earlier than 0:2.6.18-8.1.10.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34873) check=at least one, check_existence=at_least_one_exists, comment=kernel-devel is earlier than 0:2.6.18-8.1.10.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13732)
    name kernel-devel
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
    evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5
CRITERION kernel-PAE is earlier than 0:2.6.18-8.1.10.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34870) check=at least one, check_existence=at_least_one_exists, comment=kernel-PAE is earlier than 0:2.6.18-8.1.10.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:14641)
    name kernel-PAE
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
    evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5
CRITERION kernel-doc is earlier than 0:2.6.18-8.1.10.el5
- RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34374) check=at least one, check_existence=at_least_one_exists, comment=kernel-doc is earlier than 0:2.6.18-8.1.10.el5, version=2
  - rpminfo_object (ID = oval:org.mitre.oval:obj:13422)
    name kernel-doc
  - rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
    evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5

CRITERION

kernel-debuginfo-common is earlier than 0:2.6.18-8.1.10.el5

RPMINFO_TEST (ID = oval:org.mitre.oval:tst:34337) version=1, comment=kernel-debuginfo-common is earlier than 0:2.6.18-8.1.10.el5, check_existence=at_least_one_exists, check=at least one

rpminfo_object (ID = oval:org.mitre.oval:obj:14853)
name kernel-debuginfo-common
rpminfo_state (ID = oval:org.mitre.oval:ste:10410)
evr datatype=evr_string | operation=less than | value=0:2.6.18-8.1.10.el5


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	PARTIAL
Access complexity:	MEDIUM
Authentication:	NONE
Confidentiality impact:	PARTIAL
Integrity impact:	PARTIAL
Availability impact:	PARTIAL