This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200703-09
(Smb4K: Multiple vulnerabilities)
Kees Cook of the Ubuntu Security Team has identified multiple
vulnerabilities in Smb4K.
The writeFile() function of
smb4k/core/smb4kfileio.cpp makes insecure usage of temporary
The writeFile() function also stores the contents of
the sudoers file with incorrect permissions, allowing for the file's
contents to be world-readable.
The createLockFile() and
removeLockFile() functions improperly handle lock files, possibly
allowing for a race condition in file handling.
utility distributed with Smb4K allows any user in the sudoers group to
kill any process on the system.
Lastly, there is the potential
for multiple stack overflows when any Smb4K utility is used with the
A local attacker could gain unauthorized access to arbitrary files via
numerous attack vectors. In some cases to obtain this unauthorized
access, an attacker would have to be a member of the sudoers list.
There is no known workaround at this time.
See also :
All Smb4K users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/smb4k-0.6.10a'
Risk factor :
Medium / CVSS Base Score : 4.4