ubuntu · CVE-2007-0472

Quick triage

Priority: medium Published: 2007-02-03 23:28:00 UTC Updated: 2025-07-17 16:40:35 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2007-0472 medium priority: Ubuntu including 1 source packages (smb4k), 9 status rows across 9 suites (dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, upstream): not-affected 5, ignored 2, released 2.

Description:

Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

cvelogic Threat Intelligence