6.3 Medium
AI Score
Confidence
Low
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
14.2%
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K’s lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn’t properly handled by the writeFile function in core/smb4kfileio.cpp.
CPE | Name | Operator | Version |
---|---|---|---|
smb4k:smb4k | smb4k | eq | 0.7 |
smb4k:smb4k | smb4k | eq | 0.4 |
smb4k:smb4k | smb4k | eq | 0.6 |
smb4k:smb4k | smb4k | eq | 0.5 |
developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
developer.berlios.de/project/shownotes.php?release_id=11706
developer.berlios.de/project/shownotes.php?release_id=11902
developer.berlios.de/project/shownotes.php?release_id=9777
lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
secunia.com/advisories/23937
secunia.com/advisories/23984
secunia.com/advisories/24111
secunia.com/advisories/24469
www.gentoo.org/security/en/glsa/glsa-200703-09.xml
www.mandriva.com/security/advisories?name=MDKSA-2007:042
www.securityfocus.com/bid/22299
www.vupen.com/english/advisories/2007/0393
lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html