Vulnerabilities > CVE-2005-2851 - Unspecified vulnerability in Smb4K 0.4/0.5/0.6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN smb4k
nessus
Summary
smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200511-15.NASL description The remote host is affected by the vulnerability described in GLSA-200511-15 (Smb4k: Local unauthorized file access) A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as Smb4k does not check for the existence of these files before writing to them. Impact : An attacker could acquire local privilege escalation by adding username(s) to the list of sudoers. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20236 published 2005-11-21 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20236 title GLSA-200511-15 : Smb4k: Local unauthorized file access code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200511-15. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(20236); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2005-2851"); script_xref(name:"GLSA", value:"200511-15"); script_name(english:"GLSA-200511-15 : Smb4k: Local unauthorized file access"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200511-15 (Smb4k: Local unauthorized file access) A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as Smb4k does not check for the existence of these files before writing to them. Impact : An attacker could acquire local privilege escalation by adding username(s) to the list of sudoers. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"http://smb4k.berlios.de/" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200511-15" ); script_set_attribute( attribute:"solution", value: "All smb4k users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/smb4k-0.6.4'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:smb4k"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/11/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/21"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-misc/smb4k", unaffected:make_list("ge 0.6.4"), vulnerable:make_list("lt 0.6.4"))) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get()); else security_note(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Smb4k"); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-157.NASL description A severe security issue has been discovered in Smb4K. By linking a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker could get access to the full contents of the /etc/super.tab or /etc/sudoers file, respectively, because Smb4K didn last seen 2020-06-01 modified 2020-06-02 plugin id 19912 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19912 title Mandrake Linux Security Advisory : smb4k (MDKSA-2005:157) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:157. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(19912); script_version ("1.16"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2005-2851"); script_xref(name:"MDKSA", value:"2005:157"); script_name(english:"Mandrake Linux Security Advisory : smb4k (MDKSA-2005:157)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "A severe security issue has been discovered in Smb4K. By linking a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an attacker could get access to the full contents of the /etc/super.tab or /etc/sudoers file, respectively, because Smb4K didn't check for the existance of these files before writing any contents. When using super, the attack also resulted in /etc/super.tab being a symlink to FILE. Affected are all versions of the 0.4, 0.5, and 0.6 series of Smb4K. The updated packages have been patched to correct this problem." ); script_set_attribute( attribute:"see_also", value:"http://smb4k.berlios.de" ); script_set_attribute(attribute:"solution", value:"Update the affected smb4k package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:smb4k"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2005/09/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"smb4k-0.4.0-3.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"smb4k-0.5.1-1.1.102mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://secunia.com/advisories/16724
- http://secunia.com/advisories/16724
- http://secunia.com/advisories/17636
- http://secunia.com/advisories/17636
- http://smb4k.berlios.de/
- http://smb4k.berlios.de/
- http://www.gentoo.org/security/en/glsa/glsa-200511-15.xml
- http://www.gentoo.org/security/en/glsa/glsa-200511-15.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:157
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:157
- http://www.securityfocus.com/bid/14756
- http://www.securityfocus.com/bid/14756