The remote host is affected by the vulnerability described in GLSA-200511-15 (Smb4k: Local unauthorized file access)
A vulnerability leading to unauthorized file access has been found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a textfile will cause Smb4k to write the contents of these files to the target of the symlink, as Smb4k does not check for the existence of these files before writing to them.
Impact :
An attacker could acquire local privilege escalation by adding username(s) to the list of sudoers.
Workaround :
There is no known workaround at this time.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200511-15.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20236);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2005-2851");
script_xref(name:"GLSA", value:"200511-15");
script_name(english:"GLSA-200511-15 : Smb4k: Local unauthorized file access");
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-200511-15
(Smb4k: Local unauthorized file access)
A vulnerability leading to unauthorized file access has been
found. A pre-existing symlink from /tmp/sudoers and /tmp/super.tab to a
textfile will cause Smb4k to write the contents of these files to the
target of the symlink, as Smb4k does not check for the existence of
these files before writing to them.
Impact :
An attacker could acquire local privilege escalation by adding
username(s) to the list of sudoers.
Workaround :
There is no known workaround at this time."
);
script_set_attribute(
attribute:"see_also",
value:"http://smb4k.berlios.de/"
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/200511-15"
);
script_set_attribute(
attribute:"solution",
value:
"All smb4k users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/smb4k-0.6.4'"
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:smb4k");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2005/11/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/21");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/29");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"net-misc/smb4k", unaffected:make_list("ge 0.6.4"), vulnerable:make_list("lt 0.6.4"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
else security_note(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Smb4k");
}