Package: gsambad
Version: 0.1.5-5
Severity: grave
Usertags: sourcescan
*** Please type your report below this line ***
Security issue: CVE-2007-2838
The gsambad package contains a binary (which may only be
executed by the root user) with the following code in it:
if((fp=popen("touch /tmp/gsambadtmp && chmod 600 /tmp/gsambadtmp
&& smbstatus 2>&1> /tmp/gsambadtmp", "w"))==NULL)
{
/* Dont show a popup */
return;
}
This can be used to create/trash arbitary files upon the system with
a symlink attack.
Steve
--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]