Generally discussion of (potential) security vulnerabilities should be directed to security@e-smith.com rather than a public discussion board. However, from what I can see, this vulnerability exists only if you have given non-root users shell access. Since the default e-smith/SME installation does not do this, an unmodified installation should not be vulnerable.