- Package name
- Advisory ID
- Affected versions
- 10.2 i586, 10.1 i586
A severe security issue has been discovered in Smb4K. By linking a
simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker
could gain access to the full contents of the /etc/super.tab or
/etc/sudoers file, respectively, because Smb4K did not check for the
existence of these files before writing any contents. When using super,
the attack also resulted in /etc/super.tab becoming a symlink to FILE.

All versions of the 0.4, 0.5, and 0.6 series of Smb4K are affected.

The updated packages have been patched to correct this problem.
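
The missing existence check described above, shown as an added example (not Smb4K's code or the packaged patch): a plain fopen() write beside an exclusive-create write, exercised against a pre-planted link in a private scratch directory. The function names and the scratch path are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Unsafe pattern: fopen("w") follows a symlink already present at path. */
int write_unsafe(const char *path, const char *data) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    int rc = fputs(data, f) < 0 ? -1 : 0;
    return fclose(f) != 0 ? -1 : rc;
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink, already exists at path; the new file is owner-only (0600). */
int write_exclusive(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    size_t len = strlen(data);
    int rc = write(fd, data, len) == (ssize_t)len ? 0 : -1;
    if (close(fd) != 0) rc = -1;
    if (rc != 0) unlink(path);   /* do not leave a partial file behind */
    return rc;
}

/* Constructed scenario: FILE is pre-linked to the path the writer uses.
 * Returns 1 if the data landed in FILE, 0 if not, -1 on setup failure. */
int leaked_through_symlink(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char target[64], lnk[64], buf[64] = "";
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/FILE", dir);
    snprintf(lnk, sizeof lnk, "%s/smb4k.tmp", dir);
    FILE *t = fopen(target, "w");
    if (!t || fclose(t) != 0 || symlink(target, lnk) != 0) return -1;
    writer(lnk, "constructed secret\n");
    t = fopen(target, "r");
    if (t && !fgets(buf, sizeof buf, t)) buf[0] = '\0';
    if (t) fclose(t);
    unlink(lnk); unlink(target); rmdir(dir);
    return strcmp(buf, "constructed secret\n") == 0;
}

int main(void) {
    printf("fopen leaked: %d, O_EXCL leaked: %d\n",
           leaked_through_symlink(write_unsafe), leaked_through_symlink(write_exclusive));
    return 0;
}
```

When the file name does not have to be fixed, mkstemp() provides the same exclusive creation with an unpredictable name.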
a1fd04d53c4c32d69f74bf17a255c250 10.2/RPMS/smb4k-0.5.1-1.1.102mdk.i586.rpm
30d1745f5dafea4c2d12c7b6a7c09526 10.2/SRPMS/smb4k-0.5.1-1.1.102mdk.src.rpm
dd4471a3de6feb035637f15dd75d8d56 10.1/RPMS/smb4k-0.4.0-3.1.101mdk.i586.rpm
d56d014b32bf1ec767fc018f0e40c245 10.1/SRPMS/smb4k-0.4.0-3.1.101mdk.src.rpm