Mandrake Linux Security Advisory : smb4k (MDKSA-2005:157)

low Nessus Plugin ID 19912

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

A severe security issue has been discovered in Smb4K. By linking a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker could get access to the full contents of the /etc/super.tab or /etc/sudoers file, respectively, because Smb4K didn't check for the existence of these files before writing any contents. When using super, the attack also resulted in /etc/super.tab being a symlink to FILE.

Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K.

The updated packages have been patched to correct this problem.
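The missing existence check described above can be enforced atomically at open time. The following is an added example, not Smb4K's code or the actual patch: it contrasts a plain create-or-truncate open with an exclusive create, using a constructed scratch directory and the hypothetical helper names `naive_write`, `exclusive_write` and `demo`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unchecked pattern: opens whatever is at the path, following a symlink. */
static int naive_write(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened: O_EXCL makes creation fail if anything (a file or a symlink,
 * even a dangling one) already exists at the path. */
static int exclusive_write(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;            /* errno is EEXIST when pre-planted */
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Constructed scenario inside a private scratch directory. Returns bit flags:
 * 1 = naive write landed in the link target, 2 = exclusive write was refused. */
int demo(void) {
    char dir[] = "/tmp/symdemoXXXXXX", tmp[64], target[64];
    struct stat st;
    int result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(tmp, sizeof tmp, "%s/smb4k.tmp", dir);
    snprintf(target, sizeof target, "%s/FILE", dir);
    if (symlink(target, tmp) != 0) return -1;   /* link exists before the write */

    if (naive_write(tmp, "secret\n") == 0 && stat(target, &st) == 0 && st.st_size == 7)
        result |= 1;
    unlink(target);                              /* link now dangles */
    if (exclusive_write(tmp, "secret\n") < 0 && errno == EEXIST && lstat(target, &st) != 0)
        result |= 2;
    unlink(tmp); rmdir(dir);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

Where the file name does not need to be fixed, `mkstemp()` gives the same exclusive-create guarantee with an unpredictable name.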

Solution

Update the affected smb4k package.

See Also

http://smb4k.berlios.de

Plugin Details

Severity: Low

ID: 19912

File Name: mandrake_MDKSA-2005-157.nasl

Version: 1.17

Type: local

Published: 10/5/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:smb4k, cpe:/o:mandrakesoft:mandrake_linux:10.1, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 9/6/2005

Reference Information

CVE: CVE-2005-2851

MDKSA: 2005:157