The writeFile function in core/smb4kfileio.cpp in Smb4K prior to 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smb4k smb4k 0.4 |
||
smb4k smb4k 0.5 |
||
smb4k smb4k 0.6 |
||
smb4k smb4k 0.7 |