smb4k
Page content
- Author: voroskoi
- Vulnerable: 0.8.0-1
- Unaffected: 0.8.3-1terminus1
Ben Hutchings discovered the following security weaknesses in the utility programs: Due to insufficient sanitation, smb4k_mount allowed an user to mount any (local) device if the program was used in combination with sudo or super. The function findprog(), which was in present smb4k_mount, smb4k_umount, and smb4k_kill, returned a pointer to memory that was freed when the function exited. The function replace_special_characters(), that was present in smb4k_mount and smb4k_umount, returned a pointer to memory that was freed after the function exited. Additionally, it didn’t replace the hyphen.
- Bug Tracker URL: http://bugs.frugalware.org/task/1935
CVEs:
- There is no CVE for this issue, see https://developer.berlios.de/project/shownotes.php?release_id=12615