CVE-2007-0472

medium

Description

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

References

https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html

http://www.vupen.com/english/advisories/2007/0393

http://www.securityfocus.com/bid/22299

http://www.mandriva.com/security/advisories?name=MDKSA-2007:042

http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml

http://secunia.com/advisories/24469

http://secunia.com/advisories/24111

http://secunia.com/advisories/23984

http://secunia.com/advisories/23937

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

http://developer.berlios.de/project/shownotes.php?release_id=9777

http://developer.berlios.de/project/shownotes.php?release_id=11902

http://developer.berlios.de/project/shownotes.php?release_id=11706

http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769

Details

Source: Mitre, NVD

Published: 2007-02-03

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 3.7

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P

Severity: Low

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium