Public bug reported:

Binary package hint: network-manager

dpkg -l network-manager | grep ^ii
ii  network-manager 0.6.4-6ubuntu4 network management framework daemon

Steps to reproduce:

Enable XDMCP in the login manager screen ( System - Administration - Login 
Window )
Restart gdm

Create a new totally unprivileged user - sudo adduser foo

Log in from another machine on the network using XDMCP

Right click the nm-applet, disable networking, and the network
connection goes down immediately for the host you have logged into
remotely.

This is a grave flaw. It means *any* user logged in through XDMCP can
bring the network down from the machine that the remote user has logged
in to.

Notice that this works whether or not TCP connections are allowed
through the "remote" dialogues in the login window admin screen.

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: Unconfirmed

-- 
network-manager allows an unprivileged user to disconnect the network from 
xdmcp login
https://bugs.launchpad.net/bugs/104173
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
