CVE-2007-0473

Name of the Vulnerable Software and Affected Versions: Smb4K versions prior to 0.8.0 Smb4K versions prior to 0.6.10a

Description: The issue concerns the writeFile function in core/smb4kfileio.cpp, which does not preserve /etc/sudoers permissions across modifications. This allows local users to obtain sensitive information by reading the /etc/sudoers file. Additionally, there are multiple vulnerabilities in the smb4k package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited locally.

Recommendations: For versions prior to 0.8.0, update to version 0.8.0 or later to resolve the issue. For versions prior to 0.6.10a, update to version 0.6.10a or later to resolve the issue. As a temporary workaround, consider restricting access to the writeFile function in core/smb4kfileio.cpp until a patch is available. Restrict access to sensitive files, such as /etc/sudoers, to minimize the risk of exploitation.