CVE-2007-3843

Publication date 9 August 2007

Last updated 17 July 2025

Ubuntu priority

The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux-source-2.6.20	7.04 feisty	Fixed 2.6.20-16.31
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-510-1
Linux kernel vulnerabilities
31 August 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-3843