CVE-2007-0472

N/A Unknown

Published: February 03, 2007 Modified: April 23, 2026

Description

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769

Source: security@ubuntu.com

http://developer.berlios.de/project/shownotes.php?release_id=11706

Source: security@ubuntu.com

http://developer.berlios.de/project/shownotes.php?release_id=11902

Source: security@ubuntu.com

http://developer.berlios.de/project/shownotes.php?release_id=9777

Source: security@ubuntu.com

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

Source: security@ubuntu.com

http://secunia.com/advisories/23937

Source: security@ubuntu.com

Patch Vendor Advisory

http://secunia.com/advisories/23984

Source: security@ubuntu.com

http://secunia.com/advisories/24111

Source: security@ubuntu.com

http://secunia.com/advisories/24469

Source: security@ubuntu.com

http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml

Source: security@ubuntu.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:042

Source: security@ubuntu.com

http://www.securityfocus.com/bid/22299

Source: security@ubuntu.com

http://www.vupen.com/english/advisories/2007/0393

Source: security@ubuntu.com

https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html

Source: security@ubuntu.com

Patch

http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769

Source: af854a3a-2127-422b-91ae-364da2661108

http://developer.berlios.de/project/shownotes.php?release_id=11706

Source: af854a3a-2127-422b-91ae-364da2661108

http://developer.berlios.de/project/shownotes.php?release_id=11902

Source: af854a3a-2127-422b-91ae-364da2661108

http://developer.berlios.de/project/shownotes.php?release_id=9777

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/23937

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://secunia.com/advisories/23984

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24111

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/24469

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:042

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/22299

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/0393

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

28 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.1%

23th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

smb4k