Vulnerability Description
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smb4K | Smb4K | 0.4 |
References
- http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
- http://developer.berlios.de/project/shownotes.php?release_id=11706
- http://developer.berlios.de/project/shownotes.php?release_id=11902
- http://developer.berlios.de/project/shownotes.php?release_id=9777
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
- http://secunia.com/advisories/23937PatchVendor Advisory
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24111
- http://secunia.com/advisories/24469
- http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
- http://www.securityfocus.com/bid/22299
- http://www.vupen.com/english/advisories/2007/0393
- https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.htmlPatch
- http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
FAQ
What is CVE-2007-0472?
CVE-2007-0472 is a vulnerability with a CVSS score of 3.7 (LOW). Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file...
How severe is CVE-2007-0472?
CVE-2007-0472 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0472?
Check the references section above for vendor advisories and patch information. Affected products include: Smb4K Smb4K.