CVE-2007-4849: CVE-2007-4849

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-4849

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access restricted files or directories after a remount of a filesystem, related to "legacy modes" and an inconsistency between dentry permissions and inode permissions.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux Kernel JFFS2文件系统不安全权限设置漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux Kernel中的JFFS2文件系统实现上存在漏洞，本地攻击者可能利用此漏洞非授权访问文件系统。如果启用了POSIX ACL支持的话，Linux Kernel中所使用的JFFS2在创建inode或设置ACL期间没有正确地存储权限，这允许本地攻击者利用dentry权限和inode权限之间的不一致性在重新加载文件系统后访问受限制的文件或目

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-4849

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-4849

Please Login to view more intelligence information

http://git.infradead.org/?p=mtd-2.6.git%3Ba=commitdiff%3Bh=9ed437c50d89eabae763dd422579f73fdebf288dx_refsource_CONFIRM
http://dev.laptop.org/ticket/2732x_refsource_CONFIRM
http://secunia.com/advisories/28170third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26978third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28706third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25838vdb-entryx_refsource_BID
http://www.debian.org/security/2007/dsa-1378vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-574-1vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/usn-558-1vendor-advisoryx_refsource_UBUNTU
http://lists.infradead.org/pipermail/linux-mtd-cvs/2007-August/005897.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2007-4849

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2007-4849

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2007-4849

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-4849

III. Intelligence Information for CVE-2007-4849

New Vulnerabilities

V. Comments for CVE-2007-4849

Leave a comment