CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-0472

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.1%

CVSS Severity

CVSS v2 Score 3.7

References

http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
http://developer.berlios.de/project/shownotes.php?release_id=11706
http://developer.berlios.de/project/shownotes.php?release_id=11902
http://developer.berlios.de/project/shownotes.php?release_id=9777
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
http://secunia.com/advisories/23937
http://secunia.com/advisories/23984
http://secunia.com/advisories/24111
http://secunia.com/advisories/24469
http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
http://www.securityfocus.com/bid/22299
http://www.vupen.com/english/advisories/2007/0393
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html
http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
http://developer.berlios.de/project/shownotes.php?release_id=11706
http://developer.berlios.de/project/shownotes.php?release_id=11902
http://developer.berlios.de/project/shownotes.php?release_id=9777
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
http://secunia.com/advisories/23937
http://secunia.com/advisories/23984
http://secunia.com/advisories/24111
http://secunia.com/advisories/24469
http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
http://www.securityfocus.com/bid/22299
http://www.vupen.com/english/advisories/2007/0393
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html

Products affected by CVE-2007-0472

Smb4k » Smb4k » Version: 0.4

cpe:2.3:a:smb4k:smb4k:0.4
Smb4k » Smb4k » Version: 0.5

cpe:2.3:a:smb4k:smb4k:0.5
Smb4k » Smb4k » Version: 0.6

cpe:2.3:a:smb4k:smb4k:0.6
Smb4k » Smb4k » Version: 0.7

cpe:2.3:a:smb4k:smb4k:0.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-0472

Products

Pricing

Contact Us