CVE-2007-0475 - Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local use

CVE-2007-0475

Summary

Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.

References

Vulnerable Configurations

cpe:2.3:a:smb4k:smb4k:0.4:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.4:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.5:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.5:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.6:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.6:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.7:*:*:*:*:*:*:*
cpe:2.3:a:smb4k:smb4k:0.7:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 08-03-2011 - 02:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	22299
confirm	http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769 http://developer.berlios.de/project/shownotes.php?release_id=11706 http://developer.berlios.de/project/shownotes.php?release_id=11902 http://developer.berlios.de/project/shownotes.php?release_id=9777
gentoo	GLSA-200703-09
mandriva	MDKSA-2007:042
mlist	[smb4k-announce] 20061221 Smb4K 0.8.0 and security fixes released
secunia	23937 23984 24111 24469
suse	SUSE-SR:2007:002
vupen	ADV-2007-0393

Last major update

08-03-2011 - 02:49

Published

03-02-2007 - 23:28

Last modified

08-03-2011 - 02:49