CVE-2007-0475

high

Description

Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.

References

https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html

http://www.vupen.com/english/advisories/2007/0393

http://www.securityfocus.com/bid/22299

http://www.mandriva.com/security/advisories?name=MDKSA-2007:042

http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml

http://secunia.com/advisories/24469

http://secunia.com/advisories/24111

http://secunia.com/advisories/23984

http://secunia.com/advisories/23937

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

http://developer.berlios.de/project/shownotes.php?release_id=9777

http://developer.berlios.de/project/shownotes.php?release_id=11902

http://developer.berlios.de/project/shownotes.php?release_id=11706

http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769

Details

Source: Mitre, NVD

Published: 2007-02-03

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High