Vulnerability CVE-2007-0475
Published: 2007-02-03   Modified: 2012-02-12

Description:
Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Smb4k -> Smb4k 

 References:
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html
http://secunia.com/advisories/23937
http://www.vupen.com/english/advisories/2007/0393
http://developer.berlios.de/project/shownotes.php?release_id=9777
http://developer.berlios.de/project/shownotes.php?release_id=11902
http://developer.berlios.de/project/shownotes.php?release_id=11706
http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
http://www.securityfocus.com/bid/22299
http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
http://secunia.com/advisories/24469
http://secunia.com/advisories/24111
http://secunia.com/advisories/23984
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
Copyright 2024, cxsecurity.com

 

Back to Top