ID CVE-2007-3945
Summary Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked function return codes.
References
Vulnerable Configurations
  • cpe:2.3:a:rsbac:rule_set_based_access_control:-:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.4:-:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.4:pre2:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.9a:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.0.9b:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:rsbac:rule_set_based_access_control:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 20-06-2023 - 18:09)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 25001
bugtraq 20070719 [ANNOUNCE] RSBAC 1.3.5 released
confirm http://download.rsbac.org/code/1.3.5/changes-1.3.5.txt
secunia 26147
sreason 2911
vupen ADV-2007-2610
Last major update 20-06-2023 - 18:09
Published 23-07-2007 - 23:30
Last modified 20-06-2023 - 18:09