Mandrake Linux Security Advisory : smb4k (MDKSA-2005:157)

Low Nessus Plugin ID 19912


The remote Mandrake Linux host is missing a security update.


A severe security issue has been discovered in Smb4K. By linking a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker could get access to the full contents of the /etc/ or /etc/sudoers file, respectively, because Smb4K didn't check for the existence of these files before writing any contents. When using super, the attack also resulted in /etc/ being a symlink to FILE.

Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K.

The updated packages have been patched to correct this problem.
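The missing existence check described above, shown beside a hardened open, as an added example (not Smb4K's code and not the vendor patch). All function and file names are hypothetical, and the scenario runs inside a private mkdtemp() directory with constructed content.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the advisory describes: open a fixed temp name without checking
 * whether something already exists there. open() follows a planted symlink. */
static int open_unchecked(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink (even a dangling one), already sits at the path. */
static int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: "linked" stands in for the advisory's FILE and
 * "work.tmp" for the fixed temp name, pre-linked to it. Returns the size of
 * "linked" after the write attempt (0 = nothing leaked), -1 on setup failure. */
long write_via_tempname(int hardened)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char linked[64], tmp[64];
    struct stat st;
    long size = -1;

    if (!mkdtemp(dir)) return -1;
    snprintf(linked, sizeof linked, "%s/linked", dir);
    snprintf(tmp, sizeof tmp, "%s/work.tmp", dir);

    int lfd = open(linked, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (lfd >= 0 && symlink(linked, tmp) == 0) {
        int fd = hardened ? open_exclusive(tmp) : open_unchecked(tmp);
        if (fd >= 0) {
            if (write(fd, "secret\n", 7) < 0) perror("write");
            close(fd);
        }
        if (stat(linked, &st) == 0) size = (long)st.st_size;
    }
    if (lfd >= 0) close(lfd);
    unlink(tmp); unlink(linked); rmdir(dir);
    return size;
}
```

Where the name does not have to be fixed, mkstemp() avoids the predictable path altogether and creates the file with the same exclusive semantics.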


Update the affected smb4k package.

Plugin Details

Severity: Low

ID: 19912

File Name: mandrake_MDKSA-2005-157.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2005/10/05

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:smb4k, cpe:/o:mandrakesoft:mandrake_linux:10.1, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/09/06

Reference Information

CVE: CVE-2005-2851

MDKSA: 2005:157