Smb4k smb4k.tmp Symlink Arbitrary File Access

2005-08-31T07:20:25
ID OSVDB:19166
Type osvdb
Reporter OSVDB
Modified 2005-08-31T07:20:25

Description

Technical Description

The vendor fix implemented in version 0.6.3 was not adequate to prevent this issue from being exploited.

Solution Description

Upgrade to version 0.6.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://smb4k.berlios.de Security Tracker: 1014862 Secunia Advisory ID:16736 Secunia Advisory ID:17636 Secunia Advisory ID:16724 Related OSVDB ID: 19167 Other Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:157 Other Advisory URL: http://smb4k.berlios.de/ Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200511-15.xml CVE-2005-2851 Bugtraq ID: 14756