Bug 20844 - smb4k new security issue CVE-2017-8849
Summary: smb4k new security issue CVE-2017-8849
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA5-64-OK MGA5-32-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2017-05-13 19:10 CEST by David Walser
Modified: 2017-06-14 15:51 CEST (History)
5 users (show)

See Also:
Source RPM: smb4k-1.1.2-3.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2017-05-13 19:10:51 CEST 
Upstream has issued an advisory on May 10:
https://www.kde.org/info/security/advisory-20170510-2.txt

The issue has already been fixed in Cauldron by Nicolas.
Comment 1 David GEIGER 2017-06-11 10:03:17 CEST 
Fixed for mga5 updating smb4k to release 1.2.3 and also adding an upstream patch to fix CVE-2017-8849.

CC: (none) => geiger.david68210

Comment 2 David Walser 2017-06-11 17:02:16 CEST 
Thanks David!

Advisory:
========================

Updated smb4k packages fix security vulnerabilities:

Smb4k contains a logic flaw in which mount helper binary does not properly
verify the mount command it is being asked to run. This allows calling any
other binary as root since the mount helper is typically installed as suid
(CVE-2017-8849).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8849
https://www.kde.org/info/security/advisory-20170510-2.txt
========================

Updated packages in core/updates_testing:
========================
smb4k-1.2.3-1.mga5
libsmb4kcore4-1.2.3-1.mga5
smb4k-devel-1.2.3-1.mga5

from smb4k-1.2.3-1.mga5.src.rpm

CC: (none) => kde
Assignee: kde => qa-bugs

Dave Hodgins 2017-06-13 04:39:09 CEST

Whiteboard: (none) => advisory
CC: (none) => davidwhodgins

Comment 3 James Kerr 2017-06-13 23:51:45 CEST 
Packages updated cleanly:
- lib64smb4kcore4-1.2.3-1.mga5.x86_64
- smb4k-1.2.3-1.mga5.x86_64

I was able to scan the network and mount/umount a share on a Win7 system running as a guest on a different host.

Since I do not use kwallet, I had to first enter authentication credentials, as described in: https://bugs.mageia.org/show_bug.cgi?id=13478#c7

OK for mga5-64

Whiteboard: advisory => advisory MGA5-64-OK
CC: (none) => jim

Comment 4 James Kerr 2017-06-14 10:35:43 CEST 
On mga5-32 (in a vbox VM)

Packages updated cleanly:
- libsmb4kcore4-1.2.3-1.mga5.i586
- smb4k-1.2.3-1.mga5.i586

I was able to scan the network and mount/umount a share on a Win7 system running as a guest on a different host.

Since I do not use kwallet, I had to first enter authentication credentials, as described in: https://bugs.mageia.org/show_bug.cgi?id=13478#c7

OK for mga5-32

Whiteboard: advisory MGA5-64-OK => advisory MGA5-64-OK MGA5-32-OK

Comment 5 James Kerr 2017-06-14 10:37:47 CEST 
This update is now validated and can be pushed to updates

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 6 Mageia Robot 2017-06-14 15:51:14 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0171.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.