CVE-2007-0473 | Vulnerability Database | Aqua Security

The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.

Affected Software

Name	Vendor	Start Version	End Version
Smb4k	Smb4k	0.4 (including)	0.4 (including)
Smb4k	Smb4k	0.5 (including)	0.5 (including)
Smb4k	Smb4k	0.6 (including)	0.6 (including)
Smb4k	Smb4k	0.7 (including)	0.7 (including)
Smb4k	Ubuntu	dapper	*
Smb4k	Ubuntu	edgy	*
Smb4k	Ubuntu	feisty	*
Smb4k	Ubuntu	upstream	*

References

http://developer.berlios.de/bugs/?func=detailbug\u0026bug_id=9630\u0026group_id=769
http://developer.berlios.de/project/shownotes.php?release_id=11706
http://developer.berlios.de/project/shownotes.php?release_id=11902
http://developer.berlios.de/project/shownotes.php?release_id=9777
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
http://secunia.com/advisories/23937
http://secunia.com/advisories/23984
http://secunia.com/advisories/24111
http://secunia.com/advisories/24469
http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
http://www.securityfocus.com/bid/22299
http://www.vupen.com/english/advisories/2007/0393
https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0473
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html