Vulnerability Description
The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Smb4K | Smb4K | 0.4 |
References
- http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
- http://developer.berlios.de/project/shownotes.php?release_id=11706
- http://developer.berlios.de/project/shownotes.php?release_id=11902
- http://developer.berlios.de/project/shownotes.php?release_id=9777
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
- http://secunia.com/advisories/23937PatchVendor Advisory
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24111
- http://secunia.com/advisories/24469
- http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
- http://www.securityfocus.com/bid/22299
- http://www.vupen.com/english/advisories/2007/0393
- https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.htmlPatch
- http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
FAQ
What is CVE-2007-0473?
CVE-2007-0473 is a vulnerability with a CVSS score of 1.9 (LOW). The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sud...
How severe is CVE-2007-0473?
CVE-2007-0473 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0473?
Check the references section above for vendor advisories and patch information. Affected products include: Smb4K Smb4K.