Executive Summary

Informations
Name CVE-2007-0472 First vendor Publication 2007-02-03
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score 3.7 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 1.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0472

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4

OpenVAS Exploits

Date Description
2009-04-09 Name : Mandriva Update for smb4k MDKSA-2007:042 (smb4k)
File : nvt/gb_mandriva_MDKSA_2007_042.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200703-09 (smb4k)
File : nvt/glsa_200703_09.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
32981 Smb4K core/smb4kfileio.cpp Symlink Arbitrary File Manipulation

Nessus® Vulnerability Scanner

Date Description
2007-03-12 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200703-09.nasl - Type : ACT_GATHER_INFO
2007-02-18 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-042.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id...
http://developer.berlios.de/project/shownotes.php?release_id=11706
http://developer.berlios.de/project/shownotes.php?release_id=11902
http://developer.berlios.de/project/shownotes.php?release_id=9777
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
http://secunia.com/advisories/23937
http://secunia.com/advisories/23984
http://secunia.com/advisories/24111
http://secunia.com/advisories/24469
http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
http://www.securityfocus.com/bid/22299
http://www.vupen.com/english/advisories/2007/0393
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
Date Informations
2024-11-28 23:18:17
  • Multiple Updates
2024-11-28 12:11:23
  • Multiple Updates
2021-05-04 12:05:17
  • Multiple Updates
2021-04-22 01:05:52
  • Multiple Updates
2020-05-23 00:19:10
  • Multiple Updates
2016-04-26 15:40:39
  • Multiple Updates
2014-02-17 10:38:49
  • Multiple Updates
2013-05-11 10:18:28
  • Multiple Updates