Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 03/02/2007 Updated: 08/03/2011

CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9

VMScore: 329

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Multiple race conditions in Smb4K prior to 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
smb4k smb4k 0.6
smb4k smb4k 0.7
smb4k smb4k 0.4
smb4k smb4k 0.5

NVD-CWE-Other https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769 http://developer.berlios.de/project/shownotes.php?release_id=11706 http://developer.berlios.de/project/shownotes.php?release_id=11902 http://developer.berlios.de/project/shownotes.php?release_id=9777 http://secunia.com/advisories/23937 http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html http://www.securityfocus.com/bid/22299 http://secunia.com/advisories/23984 http://secunia.com/advisories/24111 http://secunia.com/advisories/24469 http://www.mandriva.com/security/advisories?name=MDKSA-2007:042 http://www.vupen.com/english/advisories/2007/0393 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-0472

Vulnerability Summary

References

Vulmon Search

About

Products

Connect