• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: SMB4K Multiple Vulnerabilities

Severity: HIGH

Description:

The 'smb4K' program is an SMB/CIFS share browser for KDE.

The application is prone to multiple vulnerabilities, including:

- A buffer-overflow vulnerability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Specifically, this issue occurs when the application handles passed arguments.

- A denial-of-service vulnerability. This issue is due to a design error in the affected application. Specifically, 'smb4k_kill' utility can be used to kill arbitrary processes on affected computers.

- An information-disclosure vulnerability. This issue is due to a design error in the affected application. Specifically, the 'writeFile()' function stores the contents of a temporary copy of 'sudoer' within a world-readable file.

- An insecure-temporary-file-creation vulnerability. This issue is due to a race condition in the affected application. Specifically, this condition occurs when the 'writeFile()' function calls the insecure 'mktemp()' function. An attacker my exploit this issue to add unauthorized users to the 'sudoer' file, allowing the attacker to run 'sudo'.

An attacker can exploit this issue to completely compromise affected computers. This includes executing arbitrary code with superuser privileges, crashing arbitrary processes, gaining access to sensitive information, and writing to the 'sudoers' file.

These issues affect version 0.8.0; other versions may also be affected.

Affected Products:

• Gentoo Linux
• MandrakeSoft Linux Mandrake 2007.0
• MandrakeSoft Linux Mandrake 2007.0 x86_64
• Pardus Linux 2007.1
• S.u.S.E. openSUSE 10.2
• Smb4k Smb4k 0.4.0
• Smb4k Smb4k 0.5.0
• Smb4k Smb4k 0.5.1
• Smb4k Smb4k 0.6.0
• Smb4k Smb4k 0.6.3
• Smb4k Smb4k 0.7.5

References:

• BeriOS: [ Bug #9630 ] security: weaknesses in smb4k/core/smb4kfileio.cpp
• BerliOS: [ Bug #9631 ] security: weaknesses in utilities/smb4k_*.cpp
• smb4k: smb4k Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.