CVE-2007-0475: Buffer Overflow
First published: Sat Feb 03 2007(Updated: )
Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Smb4K | =0.7 | |
| Smb4K | =0.4 | |
| Smb4K | =0.6 | |
| Smb4K | =0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html
- http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
- http://developer.berlios.de/project/shownotes.php?release_id=11706
- http://developer.berlios.de/project/shownotes.php?release_id=11902
- http://developer.berlios.de/project/shownotes.php?release_id=9777
- http://secunia.com/advisories/23937
- http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
- http://www.securityfocus.com/bid/22299
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24111
- http://secunia.com/advisories/24469
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
- http://www.vupen.com/english/advisories/2007/0393
Frequently Asked Questions
What is the severity of CVE-2007-0475?
CVE-2007-0475 has a high severity due to its potential for local privilege escalation.
How do I fix CVE-2007-0475?
To fix CVE-2007-0475, you should upgrade Smb4K to version 0.8.0 or later.
Who is affected by CVE-2007-0475?
Local users with privileges listed in the Smb4K sudoers list are affected by CVE-2007-0475.
What causes CVE-2007-0475?
CVE-2007-0475 is caused by multiple stack-based buffer overflows in the Smb4K code.
Are older versions of Smb4K vulnerable to CVE-2007-0475?
Yes, versions before 0.8.0, specifically 0.4, 0.5, 0.6, and 0.7, are vulnerable to CVE-2007-0475.
- agent/references
- agent/softwarecombine
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/smb4k
- canonical/smb4k
- version/smb4k/0.7
- version/smb4k/0.4
- version/smb4k/0.6
- version/smb4k/0.5