PT-2007-1074 · Smb4K · Smb4K

Kees Cook · Published 2007-02-03 · Updated 2011-03-08 · CVE-2007-0472

CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Smb4K versions prior to 0.8.0
Description: The issue involves multiple race conditions that can be exploited by local users. These conditions allow for the modification of arbitrary files through manipulations of Smb4K's lock file, which is not properly handled by the remove lock file function in core/smb4kfileio.cpp. Additionally, there is a possibility of adding lines to the sudoers file via a symlink attack on temporary files, which is not properly handled by the writeFile function in core/smb4kfileio.cpp. The exploitation of these vulnerabilities can lead to breaches of confidentiality, integrity, and availability of protected information.
Recommendations: For versions prior to 0.8.0, update to version 0.8.0 or later to resolve the issue. As a temporary workaround, consider disabling the remove lock file and writeFile functions in core/smb4kfileio.cpp until a patch is available. Restrict access to temporary files to minimize the risk of symlink attacks.
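
The symlink attack on temporary files named in the description is prevented by creating the file exclusively rather than opening whatever already exists at the path. The following is an added C++ example, not Smb4K's code or its 0.8.0 fix; write_new_file, refuses_preexisting_symlink and the /tmp paths are hypothetical names chosen for illustration.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper, not Smb4K's writeFile(): create `path` only if no
// directory entry exists there yet. O_CREAT|O_EXCL makes open() fail for any
// existing entry, including a symlink placed by another local user, so the
// write can never land on the symlink's target. Returns 0 or an errno value.
int write_new_file(const std::string &path, const std::string &data) {
    int fd = open(path.c_str(),
                  O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return errno;
    size_t off = 0;
    while (off < data.size()) {
        ssize_t n = write(fd, data.data() + off, data.size() - off);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { int e = errno; close(fd); unlink(path.c_str()); return e; }
        off += static_cast<size_t>(n);
    }
    return close(fd) == 0 ? 0 : errno;
}

// Constructed scenario in a private mkdtemp() directory: a symlink already
// sits at the temp-file name and points at a file that must stay unchanged.
bool refuses_preexisting_symlink() {
    char dir[] = "/tmp/writefile_demo_XXXXXX";
    if (!mkdtemp(dir)) return false;
    std::string target = std::string(dir) + "/protected";
    std::string tmp = std::string(dir) + "/app.tmp";
    if (write_new_file(target, "original\n") != 0) return false;
    if (symlink(target.c_str(), tmp.c_str()) != 0) return false;
    int rc = write_new_file(tmp, "new line\n");   // expected to be refused
    struct stat st;
    bool intact = stat(target.c_str(), &st) == 0 && st.st_size == 9;
    unlink(tmp.c_str()); unlink(target.c_str()); rmdir(dir);
    return rc != 0 && intact;
}

int main() {
    std::printf("symlink refused: %s\n", refuses_preexisting_symlink() ? "yes" : "no");
    return 0;
}
```

A privileged caller should treat the non-zero return as a hard failure and must not retry by deleting the path and reopening it, since that reintroduces the race.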

Fix


Related Identifiers

BDU:2015-09552
CVE-2007-0472

Affected Products

Smb4K