CVE-2007-0472

Name: CVE-2007-0472
Description: Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

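| Source Package | Release | Version | Status |
|---|---|---|---|
| smb4k (PTS) | jessie, jessie (lts) | 1.2.1-2~deb8u1 | fixed |
| | stretch | 1.2.1-2 | fixed |
| | buster | 2.1.1-1 | fixed |
| | bullseye | 3.0.7-1 | fixed |
| | bookworm | 3.1.7-1 | fixed |
| | sid, trixie | 3.2.5-1 | fixed |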

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| smb4k | source | (unstable) | 0.8.0-1 | low | | |

Notes

[etch] - smb4k <no-dsa> (Minor issue)
