Paketname
smb4k
Datum
2005-09-06
Advisory ID
MDKSA-2005:157
Betroffene Versionen
10.2 i586 , 10.1 i586

Problembeschreibung

A severe security issue has been discovered in Smb4K. By linking a
simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker
could get access to the full contents of the /etc/super.tab or
/etc/sudoers file, respectively, because Smb4K didn't check for the
existance of these files before writing any contents. When using super,
the attack also resulted in /etc/super.tab being a symlink to FILE.

Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K.

The updated packages have been patched to correct this problem.

Aktualisierte Pakete

10.2 i586

 a1fd04d53c4c32d69f74bf17a255c250  10.2/RPMS/smb4k-0.5.1-1.1.102mdk.i586.rpm
 30d1745f5dafea4c2d12c7b6a7c09526  10.2/SRPMS/smb4k-0.5.1-1.1.102mdk.src.rpm

10.1 i586

 dd4471a3de6feb035637f15dd75d8d56  10.1/RPMS/smb4k-0.4.0-3.1.101mdk.i586.rpm
 d56d014b32bf1ec767fc018f0e40c245  10.1/SRPMS/smb4k-0.4.0-3.1.101mdk.src.rpm

Referenzen