CVE-2007-0473 - Unspecified vulnerability in Smb4K
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
smb4k
nessus
Summary
The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200703-09.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200703-09 (Smb4K: Multiple vulnerabilities) Kees Cook of the Ubuntu Security Team has identified multiple vulnerabilities in Smb4K. The writeFile() function of smb4k/core/smb4kfileio.cpp makes insecure usage of temporary files. The writeFile() function also stores the contents of the sudoers file with incorrect permissions, allowing for the file
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24801
- published: 2007-03-12
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24801
- title: GLSA-200703-09 : Smb4K: Multiple vulnerabilities
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200703-09.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(24801);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:44");

  script_cve_id("CVE-2007-0472", "CVE-2007-0473", "CVE-2007-0474", "CVE-2007-0475");
  script_xref(name:"GLSA", value:"200703-09");

  script_name(english:"GLSA-200703-09 : Smb4K: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200703-09
(Smb4K: Multiple vulnerabilities)

    Kees Cook of the Ubuntu Security Team has identified multiple
    vulnerabilities in Smb4K.
    The writeFile() function of smb4k/core/smb4kfileio.cpp makes
    insecure usage of temporary files.
    The writeFile() function also stores the contents of the sudoers
    file with incorrect permissions, allowing for the file's contents to
    be world-readable.
    The createLockFile() and removeLockFile() functions improperly
    handle lock files, possibly allowing for a race condition in file
    handling.
    The smb4k_kill utility distributed with Smb4K allows any user in
    the sudoers group to kill any process on the system.
    Lastly, there is the potential for multiple stack overflows when any
    Smb4K utility is used with the sudo command.

Impact :

    A local attacker could gain unauthorized access to arbitrary files via
    numerous attack vectors. In some cases to obtain this unauthorized
    access, an attacker would have to be a member of the sudoers list.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200703-09"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Smb4K users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=net-misc/smb4k-0.6.10a'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:smb4k");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/12");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-misc/smb4k", unaffected:make_list("ge 0.6.10a"), vulnerable:make_list("lt 0.6.10a"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Smb4K");
}
```
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2007-042.NASL
- description: Kees Cook performed an audit on the Smb4K program and discovered a number of vulnerabilities and security weaknesses that have been addressed and corrected in Smb4K 0.8.0 which is being provided with this update.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 24655
- published: 2007-02-18
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/24655
- title: Mandrake Linux Security Advisory : smb4k (MDKSA-2007:042)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2007:042.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(24655);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:49");

  script_cve_id("CVE-2007-0472", "CVE-2007-0473", "CVE-2007-0474", "CVE-2007-0475");
  script_xref(name:"MDKSA", value:"2007:042");

  script_name(english:"Mandrake Linux Security Advisory : smb4k (MDKSA-2007:042)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Kees Cook performed an audit on the Smb4K program and discovered a
number of vulnerabilities and security weaknesses that have been
addressed and corrected in Smb4K 0.8.0 which is being provided with
this update."
  );
  # https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e9e3dc68"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smb4k0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64smb4k0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmb4k0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libsmb4k0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:smb4k");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/02/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64smb4k0-0.8.0-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64smb4k0-devel-0.8.0-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libsmb4k0-0.8.0-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libsmb4k0-devel-0.8.0-1.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"smb4k-0.8.0-1.1mdv2007.0", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
References
- http://developer.berlios.de/bugs/?func=detailbug&bug_id=9630&group_id=769
- http://developer.berlios.de/project/shownotes.php?release_id=11706
- http://developer.berlios.de/project/shownotes.php?release_id=11902
- http://developer.berlios.de/project/shownotes.php?release_id=9777
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0015.html
- http://secunia.com/advisories/23937
- http://secunia.com/advisories/23984
- http://secunia.com/advisories/24111
- http://secunia.com/advisories/24469
- http://www.gentoo.org/security/en/glsa/glsa-200703-09.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:042
- http://www.securityfocus.com/bid/22299
- http://www.vupen.com/english/advisories/2007/0393
- https://lists.berlios.de/pipermail/smb4k-announce/2006-December/000037.html