SMB authentication information may be stored as plain text within URI shortcuts. As a result, a local attacker may be able to read the authentication information and gain access to the share.
SMB is a protocol for sharing data and resources between computers. Many operating systems support accessing SMB shares via URIs of the form:
If a shortcut to a protected SMB share is created, the URI (including the password section) will be stored as plain text within the shortcut. If an attacker can access the properties of the shortcut, they will be able to read the password and may be able to gain access to the protected share.
According to reports, this vulnerability affects the KDE Desktop Environment. However, other applications or operating systems may be affected as well.
If a local attacker can create (or persuade a user to create) a shortcut to a protected SMB share and then gain access to that shortcut's properties, they will be able to read the SMB share's authentication information and, consequently, gain access to the protected SMB share.
We are currently unaware of a solution to this problem.
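As an added example (not part of the original note), the following Python audit walks a directory tree for shortcut files whose URL stores an SMB password and reports whether group or other users can read each file, printing the URI with the password masked. It assumes freedesktop-style .desktop shortcuts with a URL= key and the standard user:password@host URI authority syntax; the sample shortcuts and host names are constructed.

```python
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlsplit, urlunsplit

SUFFIX = ".desktop"  # assumption: freedesktop-style shortcut files with a URL= key

def redact(uri):
    """Return (uri with the password masked, True) if an smb:// URI embeds one."""
    try:
        parts = urlsplit(uri)
    except ValueError:  # malformed authority: nothing to report
        return uri, False
    if parts.scheme.lower() != "smb" or not parts.password:
        return uri, False
    netloc = f"{parts.username}:***@{parts.netloc.rpartition('@')[2]}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment)), True

def scan(root):
    """List shortcut files under root whose URL key stores an SMB password."""
    findings = []
    for path in sorted(Path(root).rglob("*" + SUFFIX)):
        try:
            shared = path.stat().st_mode & (stat.S_IRGRP | stat.S_IROTH)
            lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        except OSError:
            continue  # unreadable entry: skip rather than abort the audit
        for line in lines:
            key, sep, value = line.partition("=")
            safe, hit = redact(value.strip())
            if sep and key.strip().startswith("URL") and hit:
                findings.append({"path": str(path), "uri": safe,
                                 "others_can_read": bool(shared)})
    return findings

def demo():
    """Scan two constructed sample shortcuts written to a temporary directory."""
    samples = {"share.desktop": "URL=smb://alice:S3cret%21@fileserver.example/projects",
               "public.desktop": "URL=smb://fileserver.example/public"}
    with tempfile.TemporaryDirectory() as root:
        for name, url_line in samples.items():
            path = Path(root, name)
            path.write_text(f"[Desktop Entry]\nType=Link\n{url_line}\n", encoding="utf-8")
            path.chmod(0o644)
        return scan(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point scan() at a user's desktop or home directory to audit real shortcuts; findings with others_can_read set are the ones another local account could read.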
KDE Desktop Environment Project Affected
NEC Corporation Not Affected
Hewlett-Packard Company Unknown
IBM eServer Unknown
Ingrian Networks Unknown
MontaVista Software Unknown
Openwall GNU/*/Linux Unknown
Red Hat Inc. Unknown
SuSE Inc. Unknown
Sun Microsystems Inc. Unknown
This vulnerability was reported by Daniel Fabian.
This document was written by Jeff Gennari.
Date First Published: 2004-12-13
Date Last Updated: 2005-03-17 16:02 UTC