CVE-2007-0005

Current Description

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.

Basic Data

Published: March 10, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-119
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 6.9
Severity: MEDIUM
Exploitability Score: 3.4
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
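      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21 | rc1 | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Linux | Linux Kernel | * | rc2 | * | * | * | * | * | * |  | 2.6.21 |  |  |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21.1 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21.2 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21.3 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21.4 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21.5 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21.6 | * | * | * | * | * | * | * |  |  |  |  |
      | 2.3 | OS | Linux | Linux Kernel | 2.6.21.7 | * | * | * | * | * | * | * |  |  |  |  |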
    • OR Running on/with:
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Application | Omnikey.aaitg | Omnikey Cardman 4040 | * | * | * | * | * | * | * | * |  |  |  |  |

Vulnerable Software List

| Vendor | Product | Versions |
| Omnikey.aaitg | Omnikey Cardman 4040 | * |

References

| Name | Source | URL | Tags |
| FEDORA-2007-335 | FEDORA | http://fedoranews.org/cms/node/2787 |  |
| FEDORA-2007-336 | FEDORA | http://fedoranews.org/cms/node/2788 |  |
| http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc3 | CONFIRM | http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.21-rc3 | PATCH Vendor Advisory |
| 24436 | SECUNIA | http://secunia.com/advisories/24436 | Vendor Advisory |
| 24518 | SECUNIA | http://secunia.com/advisories/24518 | Vendor Advisory |
| 24777 | SECUNIA | http://secunia.com/advisories/24777 | Vendor Advisory |
| 24901 | SECUNIA | http://secunia.com/advisories/24901 | Vendor Advisory |
| 25078 | SECUNIA | http://secunia.com/advisories/25078 | Vendor Advisory |
| 25691 | SECUNIA | http://secunia.com/advisories/25691 | Vendor Advisory |
| 26133 | SECUNIA | http://secunia.com/advisories/26133 | Vendor Advisory |
| 26139 | SECUNIA | http://secunia.com/advisories/26139 | Vendor Advisory |
| DSA-1286 | DEBIAN | http://www.debian.org/security/2007/dsa-1286 |  |
| MDKSA-2007:078 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDKSA-2007:078 |  |
| 33023 | OSVDB | http://www.osvdb.org/33023 |  |
| RHSA-2007:0099 | REDHAT | http://www.redhat.com/support/errata/RHSA-2007-0099.html | Vendor Advisory |
| 20070309 Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005) | BUGTRAQ | http://www.securityfocus.com/archive/1/462300/100/0/threaded |  |
| 20070615 rPSA-2007-0124-1 kernel xen | BUGTRAQ | http://www.securityfocus.com/archive/1/471457 |  |
| 22870 | BID | http://www.securityfocus.com/bid/22870 |  |
| USN-486-1 | UBUNTU | http://www.ubuntu.com/usn/usn-486-1 |  |
| USN-489-1 | UBUNTU | http://www.ubuntu.com/usn/usn-489-1 |  |
| ADV-2007-0872 | VUPEN | http://www.vupen.com/english/advisories/2007/0872 | Vendor Advisory |
| kernel-cardman4040drivers-bo(32880) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/32880 |  |
| https://issues.rpath.com/browse/RPL-1035 | CONFIRM | https://issues.rpath.com/browse/RPL-1035 |  |
| oval:org.mitre.oval:def:11238 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11238 |  |