SMB4K Multiple Vulnerabilities
Info
| Bugtraq ID: | 22299 |
| Class: | Unknown |
| CVE: | CVE-2007-0472, CVE-2007-0473, CVE-2007-0474, CVE-2007-0475 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 29 2007 12:00AM |
| Updated: | May 17 2007 08:18PM |
| Credit: | Kees Cook is credited with the discovery of these vulnerabilities. |
| Vulnerable: | Smb4k Smb4k 0.7.5; Smb4k Smb4k 0.6.3; Smb4k Smb4k 0.6; Smb4k Smb4k 0.5.1; Smb4k Smb4k 0.5; Smb4k Smb4k 0.4; S.u.S.E. openSUSE 10.2; Pardus Linux 2007.1; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; Gentoo Linux |
| Not Vulnerable: | Smb4k Smb4k 0.8 |
Discussion
'smb4k' is prone to multiple vulnerabilities, including:
- A buffer-overflow vulnerability
- A denial-of-service vulnerability
- An information-disclosure issue
- An insecure-temporary-file-creation issue
An attacker can exploit these issues to completely compromise affected computers. This includes executing arbitrary code with superuser privileges, crashing arbitrary processes, gaining access to sensitive information, and writing to the 'sudoers' file.
These issues affect version 0.8.0; other versions may also be vulnerable.
Exploit / POC
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Some of these issues do not require specific exploit code.
Solution / Fix
Solution:
The vendor released an update to address these issues. Please see the references for more information.
References