[gentoo-announce] [ GLSA 200703-09 ] Smb4K: Multiple vulnerabilities - gentoo-announce

From:	Raphael Marichez <falco@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200703-09 ] Smb4K: Multiple vulnerabilities
Date:	Fri, 09 Mar 2007 23:20:38
Message-Id:	`20070309225337.GE8086@falco.falcal.net`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200703-09

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: High

8

     Title: Smb4K: Multiple vulnerabilities

9

      Date: March 09, 2007

10

      Bugs: #156152

11

        ID: 200703-09

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been identified in Smb4K.

19

20

Background

21

==========

22

23

Smb4K is a SMB/CIFS (Windows) share browser for KDE.

24

25

Affected packages

26

=================

27

28

    -------------------------------------------------------------------

29

     Package         /  Vulnerable  /                       Unaffected

30

    -------------------------------------------------------------------

31

  1  net-misc/smb4k      < 0.6.10a                          >= 0.6.10a

32

33

Description

34

===========

35

36

Kees Cook of the Ubuntu Security Team has identified multiple

37

vulnerabilities in Smb4K.

38

39

* The writeFile() function of smb4k/core/smb4kfileio.cpp makes

40

  insecure usage of temporary files.

41

42

* The writeFile() function also stores the contents of the sudoers

43

  file with incorrect permissions, allowing for the file's contents to

44

  be world-readable.

45

46

* The createLockFile() and removeLockFile() functions improperly

47

  handle lock files, possibly allowing for a race condition in file

48

  handling.

49

50

* The smb4k_kill utility distributed with Smb4K allows any user in

51

  the sudoers group to kill any process on the system.

52

53

* Lastly, there is the potential for multiple stack overflows when

54

  any Smb4K utility is used with the sudo command.

55

56

Impact

57

======

58

59

A local attacker could gain unauthorized access to arbitrary files via

60

numerous attack vectors. In some cases to obtain this unauthorized

61

access, an attacker would have to be a member of the sudoers list.

62

63

Workaround

64

==========

65

66

There is no known workaround at this time.

67

68

Resolution

69

==========

70

71

All Smb4K users should upgrade to the latest version:

72

73

    # emerge --sync

74

    # emerge --ask --oneshot --verbose ">=net-misc/smb4k-0.6.10a"

75

76

References

77

==========

78

79

  [ 1 ] CVE-2007-0472

80

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0472

81

  [ 2 ] CVE-2007-0473

82

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0473

83

  [ 3 ] CVE-2007-0474

84

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0474

85

  [ 4 ] CVE-2007-0475

86

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0475

87

88

Availability

89

============

90

91

This GLSA and any updates to it are available for viewing at

92

the Gentoo Security Website:

93

94

  http://security.gentoo.org/glsa/glsa-200703-09.xml

95

96

Concerns?

97

=========

98

99

Security is a primary focus of Gentoo Linux and ensuring the

100

confidentiality and security of our users machines is of utmost

101

importance to us. Any security concerns should be addressed to

102

security@g.o or alternatively, you may file a bug at

103

http://bugs.gentoo.org.

104

105

License

106

=======

107

108

Copyright 2007 Gentoo Foundation, Inc; referenced text

109

belongs to its owner(s).

110

111

The contents of this document are licensed under the

112

Creative Commons - Attribution / Share Alike license.

113

114

http://creativecommons.org/licenses/by-sa/2.5

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200703-09
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: Smb4K: Multiple vulnerabilities
9	Date: March 09, 2007
10	Bugs: #156152
11	ID: 200703-09
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been identified in Smb4K.
19
20	Background
21	==========
22
23	Smb4K is a SMB/CIFS (Windows) share browser for KDE.
24
25	Affected packages
26	=================
27
28	-------------------------------------------------------------------
29	Package / Vulnerable / Unaffected
30	-------------------------------------------------------------------
31	1 net-misc/smb4k < 0.6.10a >= 0.6.10a
32
33	Description
34	===========
35
36	Kees Cook of the Ubuntu Security Team has identified multiple
37	vulnerabilities in Smb4K.
38
39	* The writeFile() function of smb4k/core/smb4kfileio.cpp makes
40	insecure usage of temporary files.
41
42	* The writeFile() function also stores the contents of the sudoers
43	file with incorrect permissions, allowing for the file's contents to
44	be world-readable.
45
46	* The createLockFile() and removeLockFile() functions improperly
47	handle lock files, possibly allowing for a race condition in file
48	handling.
49
50	* The smb4k_kill utility distributed with Smb4K allows any user in
51	the sudoers group to kill any process on the system.
52
53	* Lastly, there is the potential for multiple stack overflows when
54	any Smb4K utility is used with the sudo command.
55
56	Impact
57	======
58
59	A local attacker could gain unauthorized access to arbitrary files via
60	numerous attack vectors. In some cases to obtain this unauthorized
61	access, an attacker would have to be a member of the sudoers list.
62
63	Workaround
64	==========
65
66	There is no known workaround at this time.
67
68	Resolution
69	==========
70
71	All Smb4K users should upgrade to the latest version:
72
73	# emerge --sync
74	# emerge --ask --oneshot --verbose ">=net-misc/smb4k-0.6.10a"
75
76	References
77	==========
78
79	[ 1 ] CVE-2007-0472
80	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0472
81	[ 2 ] CVE-2007-0473
82	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0473
83	[ 3 ] CVE-2007-0474
84	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0474
85	[ 4 ] CVE-2007-0475
86	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0475
87
88	Availability
89	============
90
91	This GLSA and any updates to it are available for viewing at
92	the Gentoo Security Website:
93
94	http://security.gentoo.org/glsa/glsa-200703-09.xml
95
96	Concerns?
97	=========
98
99	Security is a primary focus of Gentoo Linux and ensuring the
100	confidentiality and security of our users machines is of utmost
101	importance to us. Any security concerns should be addressed to
102	security@g.o or alternatively, you may file a bug at
103	http://bugs.gentoo.org.
104
105	License
106	=======
107
108	Copyright 2007 Gentoo Foundation, Inc; referenced text
109	belongs to its owner(s).
110
111	The contents of this document are licensed under the
112	Creative Commons - Attribution / Share Alike license.
113
114	http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce