Vulnerability Description
Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rsbac | Rule Set Based Access Control | < 1.3.5 |
| Linux | Linux Kernel | >= 2.6.0, <= 2.6.39.4 |
References
- http://download.rsbac.org/code/1.3.5/changes-1.3.5.txt (Vendor Advisory)
- http://secunia.com/advisories/26147 (Broken Link)
- http://securityreason.com/securityalert/2911 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/474161/100/0/threaded (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/25001 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2007/2610 (URL Repurposed)
FAQ
What is CVE-2007-3945?
CVE-2007-3945 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication contr...
How severe is CVE-2007-3945?
CVE-2007-3945 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3945?
Check the references section above for vendor advisories and patch information. Affected products include: Rsbac Rule Set Based Access Control, Linux Linux Kernel.