Vulnerability CVE-2007-4308: Information

Description

The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.

Severity: LOW (1.9)

URL: https://nvd.nist.gov/vuln/detail/CVE-2007-4308

Published: Aug. 14, 2007

Modified: Oct. 16, 2018

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.23-rc2
http://lkml.org/lkml/2007/7/23/195
25216
26322	Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm
DSA-1363
MDKSA-2007:196
MDKSA-2007:195
RHSA-2007:0940
RHSA-2007:0939
RHSA-2007:1049
SUSE-SA:2007:064
USN-510-1
USN-508-1
USN-509-1
26647
26643
26651
27322
27436
27212
27747
27912
27913
SUSE-SA:2008:006
28806
[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
DSA-1503
DSA-1504
1019470
29032
29058
SUSE-SA:2008:017
29570
RHSA-2008:0787
33280
ADV-2007-2786
ADV-2008-0637
oval:org.mitre.oval:def:8872
20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

Affected configurations:
1. Configuration 1
  Running on/with:
  cpe:2.3:o:linux:linux_kernel:2.6.23:rc1:*:*:*:*:*:*
  cpe:2.3:a:adaptec:aacraid_controller:*:*:*:*:*:*:*:*

Version: v24.5.1

Vulnerability CVE-2007-4308: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1