Summary: | net-misc/smb4k information disclosure | ||||||
---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Ilya Hegai <vyacheslavovich> | ||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | major | CC: | kde | ||||
Priority: | High | ||||||
Version: | unspecified | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | B1? [glsa] jaervosz | ||||||
Package list: | Runtime testing required: | --- | |||||
Attachments: |
|
Description
Ilya Hegai
2005-11-01 00:16:15 UTC
Created attachment 71850 [details]
smb4k-0.6.4.ebuild
Ilya: If the ebuild doesn't need to be changed, attaching it is unnecessary. If you attach something, a unified diff is preferred. Seems we missed something... ChangeLog Smb4K 0.6.3: * Fixed security issue: An attacker could get access to the full contents of the /etc/super.tab or /etc/sudoers file by linking a simple text file FILE to /tmp/smb4k.tmp and /tmp/sudoers, respectively, because Smb4K didn't check for the existance of these files before writing any contents. When using super, the attack also resulted in /etc/super.tab being a symlink to FILE. ChangeLog Smb4K 0.6.4: * REALLY fixed the security issues in Smb4KFileIO. Now, temporary files and directories are used to copy and modify sensitive data and the lock file is checked to be not a symlink. v.0.6.4 just hit cvs Arches please test and mark stable. Stable on ppc. x86 done Stable on amd64. Ready for GLSA vote. I tend to vote yes, but I don't understand what the exact impact is... A weak NO from here. Carlo, could you elaborate on the impact? Looking at the cdoe, in fact smb4k does (as kdesu root) the following : chown root:root "+tmp_path+" && chmod "+perm+" "+tmp_path+" && mv "+tmp_path+" "+item->path() with item->path() = /etc/sudoers... and tmp_path might be under the control of the attacker, so it smells very bad. I vote yes, but in fact I think no vote is needed. GLSA 200511-15 |