Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K’s lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn’t properly handled by the writeFile function in core/smb4kfileio.cpp.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Smb4k | Smb4k | 0.4 | 0.4 |
Smb4k | Smb4k | 0.5 | 0.5 |
Smb4k | Smb4k | 0.6 | 0.6 |
Smb4k | Smb4k | 0.7 | 0.7 |
Smb4k | Ubuntu | dapper | * |
Smb4k | Ubuntu | edgy | * |
Smb4k | Ubuntu | feisty | * |
Smb4k | Ubuntu | upstream | * |