Linux Kernel up to 2.6.22.2 AACRAID Driver privileges management

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 2.6 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Linux Kernel up to 2.6.22.2. It affects the functions aac_cfg_open and aac_compat_ioctl in the ioctl path of the component AACRAID Driver. A missing permission check on these entry points results in a privileges management weakness. This vulnerability was named CVE-2007-4308. The attack requires local access. No public exploit is available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Linux Kernel up to 2.6.22.2 (Operating System). It has been classified as problematic. Affected are the aac_cfg_open and aac_compat_ioctl functions in the SCSI layer ioctl path of the component AACRAID Driver. A missing permission check on these ioctl entry points leads to a privileges management vulnerability. CWE classifies the issue as CWE-269: the product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. According to the CVE description, the impact is a local denial of service or privilege escalation. CVE summarizes:
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.
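The CVE description above comes down to two ioctl entry points that reach a privileged adapter interface without consulting the caller's capabilities. The following user-space C program is an added example, not code from the Linux kernel or from this entry: it models the vulnerable shape beside a hardened one that gates both entry points on a capability check, in the way the kernel's capable() helper is used. The task and capability model, the adapter state, the run() driver, the FSACTL_* command numbers and the choice of CAP_SYS_RAWIO as the gating capability are assumptions made for illustration.

```c
/* Constructed user-space model of the CVE-2007-4308 pattern: an ioctl path
 * on a raw-hardware device that never checks the caller's privileges.
 * Added example, not kernel code; the aacraid functions are referenced in
 * comments only. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed two-bit capability set standing in for the kernel's capability
 * bits; CAP_SYS_RAWIO is assumed here to be the appropriate gate for raw
 * adapter access. */
enum { CAP_SYS_RAWIO = 1u << 0, CAP_SYS_ADMIN = 1u << 1 };

struct task { const char *comm; unsigned caps; };

/* Stand-in for the kernel's capable(): does this task hold the capability? */
static bool capable(const struct task *t, unsigned cap) {
    return (t->caps & cap) != 0;
}

/* Constructed command numbers; the values are made up for this model. */
enum { FSACTL_SENDFIB = 0x2000, FSACTL_GET_PCI_INFO = 0x2001 };

/* Adapter state that the privileged ioctl backend mutates. */
struct adapter { int fibs_sent; };

/* The privileged backend both entry points eventually reach. */
static int aac_do_ioctl(struct adapter *a, unsigned cmd) {
    switch (cmd) {
    case FSACTL_SENDFIB:      a->fibs_sent++; return 0;
    case FSACTL_GET_PCI_INFO: return 0;
    default:                  return -ENOTTY;
    }
}

/* Vulnerable shape (models aac_cfg_open / aac_compat_ioctl before the fix):
 * open succeeds for any caller and the ioctl dispatches straight through. */
static int cfg_open_vuln(const struct task *t) { (void)t; return 0; }
static int compat_ioctl_vuln(const struct task *t, struct adapter *a, unsigned cmd) {
    (void)t;
    return aac_do_ioctl(a, cmd);
}

/* Hardened shape: both entry points refuse callers lacking the capability,
 * so the check cannot be bypassed by choosing the other path. */
static int cfg_open_fixed(const struct task *t) {
    if (!capable(t, CAP_SYS_RAWIO))
        return -EPERM;
    return 0;
}
static int compat_ioctl_fixed(const struct task *t, struct adapter *a, unsigned cmd) {
    if (!capable(t, CAP_SYS_RAWIO))
        return -EPERM;
    return aac_do_ioctl(a, cmd);
}

/* Drive one caller through open followed by ioctl. Returns the open error
 * if open is denied (the backend is then never reached), else the ioctl
 * result. */
static int run(const struct task *t, struct adapter *a, bool fixed, unsigned cmd) {
    int rc = fixed ? cfg_open_fixed(t) : cfg_open_vuln(t);
    if (rc)
        return rc;
    return fixed ? compat_ioctl_fixed(t, a, cmd) : compat_ioctl_vuln(t, a, cmd);
}

int main(void) {
    struct task user = { "nobody", 0 };                           /* constructed unprivileged caller */
    struct task root = { "root", CAP_SYS_RAWIO | CAP_SYS_ADMIN }; /* constructed privileged caller */
    struct adapter a = { 0 };

    printf("vulnerable, unprivileged SENDFIB: rc=%d fibs_sent=%d\n",
           run(&user, &a, false, FSACTL_SENDFIB), a.fibs_sent);
    printf("fixed,      unprivileged SENDFIB: rc=%d fibs_sent=%d\n",
           run(&user, &a, true, FSACTL_SENDFIB), a.fibs_sent);
    printf("fixed,      privileged   SENDFIB: rc=%d fibs_sent=%d\n",
           run(&root, &a, true, FSACTL_SENDFIB), a.fibs_sent);
    return 0;
}
```

The point of gating both open and the ioctl dispatcher is that a denied open never reaches the command backend, and the compat path does not remain as a second door beside the native one; the CVE text names both functions for that reason.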
The weakness was published on 08/06/2007 by Kernel-Development (website). The advisory is available for download at kernel.org. This vulnerability has been tracked as CVE-2007-4308 since 08/13/2007. The attack requires local access: an unprivileged local user account is sufficient, and no further authentication is needed. Neither technical details nor an exploit are publicly available. MITRE ATT&CK classifies the technique as T1068 (Exploitation for Privilege Escalation).
The exploitability status is listed as proof-of-concept. As a 0-day, the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides plugin 37953 (CentOS 4 : kernel (CESA-2007:0939)), which helps determine the presence of the flaw in a target environment; it belongs to the family CentOS Local Security Checks. The commercial vulnerability scanner Qualys tests this issue with plugin 155181 (Oracle Enterprise Linux Kernel Security and Bug Fix Update (ELSA-2007-1049)).
Upgrading to a kernel that carries the fix eliminates this vulnerability; the CVE description places the fix in 2.6.23-rc2, and the distribution advisories referenced above (CESA-2007:0939, ELSA-2007-1049, DSA 1363-1) ship patched kernels. Applying the patch also eliminates the problem; it is available for download at kernel.org. The best mitigation is to upgrade to the latest version.
The vulnerability is also documented in the databases at X-Force (36074), Tenable (37953), SecurityFocus (BID 25216†), OSVDB (37122†) and Secunia (SA26322†). See VDB-34369, VDB-36314 and VDB-38778 for similar entries. Once again VulDB remains the best source for vulnerability data.
Product
- Type: Operating System
- Vendor: Kernel-Development, https://www.kernel.org/
- Name: Linux Kernel
- Version: up to 2.6.22.2
CVSSv3
VulDB Meta Base Score: 2.9
VulDB Meta Temp Score: 2.6
VulDB Base Score: 2.9
VulDB Temp Score: 2.6
Exploiting
Class: Privileges management
CWE: CWE-269 / CWE-266
ATT&CK: T1068
Physical: Partially
Local: Yes
Remote: Partially
Status: Proof-of-Concept
Nessus ID: 37953
Nessus Name: CentOS 4 : kernel (CESA-2007:0939)
Nessus Family: CentOS Local Security Checks
OpenVAS ID: 58585
OpenVAS Name: Debian Security Advisory DSA 1363-1 (linux-2.6)
Qualys ID: 155181
Qualys Name: Oracle Enterprise Linux Kernel Security and Bug Fix Update (ELSA-2007-1049)
Countermeasures
Recommended: Upgrade
Upgrade: Kernel 2.6.22.2
Patch: kernel.org
Timeline
08/06/2007 Advisory published by Kernel-Development
08/13/2007 CVE-2007-4308 assigned
08/20/2007 VulDB entry created
10/28/2007
02/21/2008
03/15/2021 VulDB entry updated
Sources
Vendor: kernel.org
Advisory: kernel.org
Organization: Kernel-Development
Status: Confirmed
CVE: CVE-2007-4308
GCVE (CVE): GCVE-0-2007-4308
GCVE (VulDB): GCVE-100-3228
X-Force: 36074
SecurityFocus: 25216
Secunia: 26322 - Linux Kernel AACRAID Driver IOCTL Security Bypass, Less Critical
OSVDB: 37122 - Linux Kernel AACRAID Driver IOCTL Multiple Function Local Privilege Escalation
SecurityTracker: 1019470 - VMware ESX Server aacraid Driver Lets Local Users Gain Elevated Privileges
Vulnerability Center: 16682 - Linux Kernel < 2.6.23-rc2 aacraid Local Denial of Service or Privilege Escalation, Medium
Vupen: ADV-2007-2786
See also: VDB-34369, VDB-36314, VDB-38778
Entry
Created: 08/20/2007 08:42
Updated: 03/15/2021 16:19
Changes: 08/20/2007 08:42 (82), 06/07/2017 16:04 (9), 03/15/2021 16:19 (3)