smb4k: multiple vulnerabilities
| Package(s): | smb4k |
CVE #(s): | CVE-2007-0472
CVE-2007-0473
CVE-2007-0474
CVE-2007-0475
|
| Created: | February 13, 2007 |
Updated: | March 12, 2007 |
| Description: |
The Smb4K
0.8.0 release announcement notes that several security weaknesses in
the utility programs (stack overflows / the use of strcpy instead of
strncpy / a design error in smb4k_kill) and in the Smb4KFileIO class (use
of mktemp instead of mkstemp for creation of the temporary files which
could lead to both a race and an information leak / a race in the code that
handles the lock file). Fixes for all of these issues are included in Smb4K
0.8.0 and in the patches that have been prepared for Smb4K 0.7.5 and
0.6.10a. Other versions are not supported anymore. |
| Alerts: |
|
