|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200511-15] Smb4k: Local unauthorized file access Vulnerability Scan
Vulnerability Scan Summary Smb4k: Local unauthorized file access
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200511-15
(Smb4k: Local unauthorized file access)
A vulnerability leading to unauthorized file access has been
found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a
textfile will cause Smb4k to write the contents of these files to the
target of the symlink, as Smb4k does not check for the existence of
these files before writing to them.
Impact
A possible hacker could acquire local privilege escalation by adding
username(s) to the list of sudoers.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2851
http://smb4k.berlios.de/
Solution:
All smb4k users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/smb4k-0.6.4"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|