First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 111089
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Ilya Hegai <vyacheslavovich@gmail.com>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
smb4k-0.6.4.ebuild smb4k-0.6.4.ebuild text/plain Ilya Hegai 2005-11-01 00:17 0000 565 bytes Details
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 111089 depends on: Show dependency tree
Bug 111089 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-11-01 00:16 0000 
Smb4K 0.6.4 has been released at 30.10

Smb4K is a SMB/CIFS share browser for KDE. It uses the Samba software suite to access 
the SMB/CIFS shares of the local network neighborhood.

There is smb4k-0.6.4.ebuild in the attach, I've just renamed previous 0.6.3.ebuild and 
compiled it successfully

------- Comment #1 From Ilya Hegai 2005-11-01 00:17:44 0000 ------- 
Created an attachment (id=71850) [details]
smb4k-0.6.4.ebuild

------- Comment #2 From Carsten Lohrke 2005-11-01 14:23:33 0000 ------- 
Ilya: If the ebuild doesn't need to be changed, attaching it is unnecessary. If
you attach something, a unified diff is preferred.


Seems we missed something...


ChangeLog Smb4K 0.6.3:

    * Fixed security issue: An attacker could get access to the full contents of
the /etc/super.tab or /etc/sudoers file by linking a simple text file FILE to
/tmp/smb4k.tmp and /tmp/sudoers, respectively, because Smb4K didn't check for
the existance of these files before writing any contents. When using super, the
attack also resulted in /etc/super.tab being a symlink to FILE.

ChangeLog Smb4K 0.6.4:

    * REALLY fixed the security issues in Smb4KFileIO. Now, temporary files and
directories are used to copy and modify sensitive data and the lock file is
checked to be not a symlink.


v.0.6.4 just hit cvs

------- Comment #3 From Sune Kloppenborg Jeppesen 2005-11-01 22:14:15 0000 ------- 
Arches please test and mark stable.

------- Comment #4 From Michael Hanselmann (hansmi) (RETIRED) 2005-11-02 10:09:33 0000 ------- 
Stable on ppc.

------- Comment #5 From Mark Loeser 2005-11-02 23:09:39 0000 ------- 
x86 done

------- Comment #6 From Marcus D. Hanwell 2005-11-04 16:19:31 0000 ------- 
Stable on amd64.

------- Comment #7 From Thierry Carrez (RETIRED) 2005-11-05 00:57:26 0000 ------- 
Ready for GLSA vote.

------- Comment #8 From Thierry Carrez (RETIRED) 2005-11-09 02:13:27 0000 ------- 
I tend to vote yes, but I don't understand what the exact impact is...

------- Comment #9 From Sune Kloppenborg Jeppesen 2005-11-09 02:18:34 0000 ------- 
A weak NO from here. 
 
Carlo, could you elaborate on the impact?

------- Comment #10 From Thierry Carrez (RETIRED) 2005-11-15 01:02:45 0000 ------- 
Looking at the cdoe, in fact smb4k does (as kdesu root) the following :
chown root:root "+tmp_path+" && chmod "+perm+" "+tmp_path+" && mv "+tmp_path+"
"+item->path()

with item->path() = /etc/sudoers... and tmp_path might be under the control of
the attacker, so it smells very bad.

I vote yes, but in fact I think no vote is needed.

------- Comment #11 From Sune Kloppenborg Jeppesen 2005-11-18 07:14:21 0000 ------- 
GLSA 200511-15
First Last Prev Next    No search results available      Search page      Enter new bug