3.7

CVE-2007-0472

EPSS 0.08%
Veröffentlicht 03.02.2007 23:28:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle security@ubuntu.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Smb4k ≫ Smb4k Version0.4

Smb4k ≫ Smb4k Version0.5

Smb4k ≫ Smb4k Version0.6

Smb4k ≫ Smb4k Version0.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.24

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.7	1.9	6.4	AV:L/AC:H/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/23984

http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769

http://developer.berlios.de/project/shownotes.php?release_id=11706

http://developer.berlios.de/project/shownotes.php?release_id=11902

http://developer.berlios.de/project/shownotes.php?release_id=9777

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

http://secunia.com/advisories/23937

Patch

Vendor Advisory

http://secunia.com/advisories/24111

http://secunia.com/advisories/24469

http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml

http://www.mandriva.com/security/advisories?name=MDKSA-2007:042

http://www.securityfocus.com/bid/22299

http://www.vupen.com/english/advisories/2007/0393

https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html

Patch

https://nvd.nist.gov/vuln/detail/CVE-2007-0472

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-0472

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-0472

EUVD