List Info

Thread: Smb4K: Multiple vulnerabilities
Smb4K: Multiple vulnerabilities
country flaguser name
France		 2007-03-09 16:53:37 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - -
Gentoo Linux Security Advisory                          
GLSA 200703-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - -
                                            http://security.gentoo.or
g/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - -

  Severity: High
     Title: Smb4K: Multiple vulnerabilities
      Date: March 09, 2007
      Bugs: #156152
        ID: 200703-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - -

Synopsis
========

Multiple vulnerabilities have been identified in Smb4K.

Background
==========

Smb4K is a SMB/CIFS (Windows) share browser for KDE.

Affected packages
=================

   
------------------------------------------------------------
-------
     Package         /  Vulnerable  /                      
Unaffected
   
------------------------------------------------------------
-------
  1  net-misc/smb4k      < 0.6.10a                       
  >= 0.6.10a

Description
===========

Kees Cook of the Ubuntu Security Team has identified
multiple
vulnerabilities in Smb4K.

* The writeFile() function of smb4k/core/smb4kfileio.cpp
makes
  insecure usage of temporary files.

* The writeFile() function also stores the contents of the
sudoers
  file with incorrect permissions, allowing for the file's
contents to
  be world-readable.

* The createLockFile() and removeLockFile() functions
improperly
  handle lock files, possibly allowing for a race condition
in file
  handling.

* The smb4k_kill utility distributed with Smb4K allows any
user in
  the sudoers group to kill any process on the system.

* Lastly, there is the potential for multiple stack
overflows when
  any Smb4K utility is used with the sudo command.

Impact
======

A local attacker could gain unauthorized access to arbitrary
files via
numerous attack vectors. In some cases to obtain this
unauthorized
access, an attacker would have to be a member of the sudoers
list.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Smb4K users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose
">=net-misc/smb4k-0.6.10a"

References
==========

  [ 1 ] CVE-2007-0472
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200
7-0472
  [ 2 ] CVE-2007-0473
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200
7-0473
  [ 3 ] CVE-2007-0474
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200
7-0474
  [ 4 ] CVE-2007-0475
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200
7-0475

Availability
============

This GLSA and any updates to it are available for viewing
at
the Gentoo Security Website:

  ht
tp://security.gentoo.org/glsa/glsa-200703-09.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring
the
confidentiality and security of our users machines is of
utmost
importance to us. Any security concerns should be addressed
to
securitygentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://
creativecommons.org/licenses/by-sa/2.5
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )