Mandrake Linux Security Advisory : smb4k (MDKSA-2005:157)
Low Nessus Plugin ID 19912
Synopsis
The remote Mandrake Linux host is missing a security update.
Description
A severe security issue has been discovered in Smb4K. By linking a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker could get access to the full contents of the /etc/super.tab or /etc/sudoers file, respectively, because Smb4K didn't check for the existence of these files before writing any contents. When using super, the attack also resulted in /etc/super.tab being a symlink to FILE.
Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K.
The updated packages have been patched to correct this problem.
Solution
Update the affected smb4k package.
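The missing existence check described above is usually closed by making the check and the file creation one atomic step. The following C code is an added example, not Smb4K's actual patch; the helper names and the scratch directory are hypothetical, and the planted-symlink scenario is constructed inside a private directory.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create a scratch file only if nothing (regular file
 * or symlink) already exists at `path`. With O_CREAT|O_EXCL the existence
 * check and the creation are atomic, and a symlink at `path` is not
 * followed: open() fails with EEXIST instead. */
int create_scratch_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a symlink already sits at the scratch path when the
 * program goes to create it. Returns 1 if the create is refused with EEXIST
 * and the link target is left empty, 0 otherwise. */
int planted_symlink_is_refused(void)
{
    char dir[] = "/tmp/scratch-demo-XXXXXX";   /* private test directory */
    char target[256], scratch[256];
    struct stat st;
    int ok = 0;

    if (mkdtemp(dir) == NULL) return 0;
    snprintf(target, sizeof target, "%s/FILE", dir);
    snprintf(scratch, sizeof scratch, "%s/smb4k.tmp", dir);

    int tfd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (tfd >= 0 && symlink(target, scratch) == 0) {
        int fd = create_scratch_exclusive(scratch);
        int err = errno;                       /* save before other calls */
        if (fd >= 0) close(fd);
        ok = (fd == -1 && err == EEXIST &&
              stat(target, &st) == 0 && st.st_size == 0);
    }
    if (tfd >= 0) close(tfd);
    unlink(scratch);
    unlink(target);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("planted symlink refused: %d\n", planted_symlink_is_refused());
    return 0;
}
```

A fixed name in a world-writable directory stays guessable even with this check, so `mkstemp()` or a per-user private directory is the more robust choice for scratch files.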