Package name
Advisory ID
Affected versions
10.2 i586 , 10.1 i586

Problem description

A severe security issue has been discovered in Smb4K. By linking a
simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker
could get access to the full contents of the /etc/ or
/etc/sudoers file, respectively, because Smb4K didn't check for the
existance of these files before writing any contents. When using super,
the attack also resulted in /etc/ being a symlink to FILE.

Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K.

The updated packages have been patched to correct this problem.

Updated packages

10.2 i586

 a1fd04d53c4c32d69f74bf17a255c250  10.2/RPMS/smb4k-0.5.1-1.1.102mdk.i586.rpm
 30d1745f5dafea4c2d12c7b6a7c09526  10.2/SRPMS/smb4k-0.5.1-1.1.102mdk.src.rpm

10.1 i586

 dd4471a3de6feb035637f15dd75d8d56  10.1/RPMS/smb4k-0.4.0-3.1.101mdk.i586.rpm
 d56d014b32bf1ec767fc018f0e40c245  10.1/SRPMS/smb4k-0.4.0-3.1.101mdk.src.rpm