CVE-2007-0474 - Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary proc

CVE-2007-0474

Summary

Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."

References

Vulnerable Configurations

cpe:2.3:a:smb4k:smb4k:0.4:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.4:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.5:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.5:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.6:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.6:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.7:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.7:*:*:*:*:*:*:*

CVSS

Base:	3.3 (as of 08-03-2011 - 02:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:P/A:P

refmap via4

bid	22299
confirm	http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769 http://developer.berlios.de/project/shownotes.php?release_id=11706 http://developer.berlios.de/project/shownotes.php?release_id=11902 http://developer.berlios.de/project/shownotes.php?release_id=9777
gentoo	GLSA-200703-09
mandriva	MDKSA-2007:042
mlist	[smb4k-announce] 20061221 Smb4K 0.8.0 and security fixes released
secunia	23937 23984 24111 24469
suse	SUSE-SR:2007:002
vupen	ADV-2007-0393

Last major update

08-03-2011 - 02:49

Published

03-02-2007 - 23:28

Last modified

08-03-2011 - 02:49