CVE-2007-0475

Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.

CVSS v2.0 4.4

4.4^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References

Link	Resource
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html	Patch
http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
http://developer.berlios.de/project/shownotes.php?release_id=11706
http://developer.berlios.de/project/shownotes.php?release_id=11902
http://developer.berlios.de/project/shownotes.php?release_id=9777
http://secunia.com/advisories/23937	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
http://www.securityfocus.com/bid/22299
http://secunia.com/advisories/23984
http://secunia.com/advisories/24111
http://secunia.com/advisories/24469
http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
http://www.vupen.com/english/advisories/2007/0393

Configurations

Configuration 1

cpe:2.3:a:smb4k:smb4k:0.7:*:*:*:*:*:*:*

cpe:2.3:a:smb4k:smb4k:0.4:*:*:*:*:*:*:*

cpe:2.3:a:smb4k:smb4k:0.6:*:*:*:*:*:*:*

cpe:2.3:a:smb4k:smb4k:0.5:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2007-02-03 11:28

Updated : 2011-03-08 02:49

NVD link : CVE-2007-0475

Mitre link : CVE-2007-0475

Products Affected

No products.

CWE

NVD-CWE-Other