CVE-2007-0005

Published: 10/03/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel prior to 2.6.21-rc3 allow local users to gain privileges.

Vulnerable Product

omnikey.aaitg omnikey_cardman_4040

Vendor Advisories

The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode (CVE-2006-7203) ...
A flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service (CVE-2006-4623) ...
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0005 Daniel Roethlisberger discovered two buffer overflows in the cm4040 driver for the Omnik ...

Exploits

/*
 * Linux Omnikey Cardman 4040 driver buffer overflow (CVE-2007-0005)
 * Copyright (C) Daniel Roethlisberger <daniel.roethlisberger@csnc.ch>
 * Compass Security Network Computing AG, Rapperswil, Switzerland
 * All rights reserved.
 * www.csnc.ch/
 */
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#inclu ...

COMPASS SECURITY ADVISORY - The Linux drivers for the Omnikey CardMan 4040 smartcard reader contain a buffer overflow vulnerability. Local attackers with direct or indirect write permissions to a cmx device file can execute arbitrary code with kernel privileges or may cause a denial of service condition. Proof of concept exploit included ...