CVE-2007-0472

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

CVSS v2.0 3.7

3.7^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 1.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References

Link	Resource
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html	Patch
http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
http://developer.berlios.de/project/shownotes.php?release_id=11706
http://developer.berlios.de/project/shownotes.php?release_id=11902
http://developer.berlios.de/project/shownotes.php?release_id=9777
http://secunia.com/advisories/23937	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
http://www.securityfocus.com/bid/22299
http://secunia.com/advisories/23984
http://secunia.com/advisories/24111
http://secunia.com/advisories/24469
http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
http://www.vupen.com/english/advisories/2007/0393

Configurations

Configuration 1

cpe:2.3:a:smb4k:smb4k:0.7:*:*:*:*:*:*:*

cpe:2.3:a:smb4k:smb4k:0.4:*:*:*:*:*:*:*

cpe:2.3:a:smb4k:smb4k:0.6:*:*:*:*:*:*:*

cpe:2.3:a:smb4k:smb4k:0.5:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2007-02-03 11:28

Updated : 2011-03-08 02:49

NVD link : CVE-2007-0472

Mitre link : CVE-2007-0472

Products Affected

No products.

CWE

NVD-CWE-Other