GLSA-200703-09 : Smb4K: Multiple vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200703-09
(Smb4K: Multiple vulnerabilities)

Kees Cook of the Ubuntu Security Team has identified multiple
vulnerabilities in Smb4K.
The writeFile() function of
smb4k/core/smb4kfileio.cpp makes insecure usage of temporary
files.
The writeFile() function also stores the contents of
the sudoers file with incorrect permissions, allowing for the file's
contents to be world-readable.
The createLockFile() and
removeLockFile() functions improperly handle lock files, possibly
allowing for a race condition in file handling.
The smb4k_kill
utility distributed with Smb4K allows any user in the sudoers group to
kill any process on the system.
Lastly, there is the potential
for multiple stack overflows when any Smb4K utility is used with the
sudo command.

Impact :

A local attacker could gain unauthorized access to arbitrary files via
numerous attack vectors. In some cases to obtain this unauthorized
access, an attacker would have to be a member of the sudoers list.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml

Solution :

All Smb4K users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/smb4k-0.6.10a'

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 24801 (gentoo_GLSA-200703-09.nasl)

Bugtraq ID:

CVE ID: CVE-2007-0472
CVE-2007-0473
CVE-2007-0474
CVE-2007-0475