*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers 
(mdeslaur):

I think I have found a Samba security concern. When connecting to a
secure network via OpenVPN, a secure Samba LMB server announces shares to
the client on the other end of the encrypted tunnel. Samba on the client
end takes this information and rebroadcasts it on the insecure network,
providing insight into what would otherwise be a secure network.

Use case:
Jim goes to Starbucks, connects to wifi, and secures an OpenVPN connection 
with his work.
After connecting, the server sends a Samba share list.
His Samba client rebroadcasts it so that everyone at Starbucks can see the 
shares.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: samba (not installed)
ProcVersionSignature: Ubuntu 3.2.0-19.30-generic-pae 3.2.11
Uname: Linux 3.2.0-19-generic-pae i686
NonfreeKernelModules: wl
ApportVersion: 1.94.1-0ubuntu2
Architecture: i386
Date: Sun Mar 18 16:29:47 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20120222)
ProcEnviron:
 TERM=xterm
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 precise
-- 
Samba rebroadcasts information it should not
https://bugs.launchpad.net/bugs/958831
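A configuration check for the exposure described in the report, added here as an example (not code from the reporter or from Samba). It assumes the rebroadcast comes from nmbd taking part in NetBIOS browsing on every interface; the interface names `wlan0` and `tun0` and both sample smb.conf texts are constructed.

```python
import configparser
from fnmatch import fnmatch

TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

# Constructed samples: a near-default config and a restricted one.
WEAK = "[global]\n   workgroup = WORKGROUP\n"
HARDENED = """[global]
   workgroup = WORKGROUP
   interfaces = lo tun0
   bind interfaces only = yes
   local master = no
"""

def global_params(conf_text):
    """Return [global] parameters, names lowercased with spaces removed."""
    # Strip indentation so configparser does not read it as line continuation.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",),
                                   comment_prefixes=("#", ";"))
    cp.read_string(text)
    params = {}
    for section in cp.sections():
        if section.strip().lower() == "global":
            for key, value in cp[section].items():
                params[key.replace(" ", "")] = value.strip()
    return params

def audit_browsing(conf_text, untrusted):
    """List settings that let nmbd browse/announce on untrusted interfaces."""
    p = global_params(conf_text)
    findings = []
    # Entries are matched as interface-name patterns; IP entries are not resolved.
    patterns = p.get("interfaces", "").split()
    if not patterns:
        findings.append("interfaces-unset")  # all broadcast interfaces used
    elif any(fnmatch(i, pat) for i in untrusted for pat in patterns):
        findings.append("untrusted-interface-listed")
    if p.get("bindinterfacesonly", "no").lower() not in TRUE:
        findings.append("bind-interfaces-only-off")
    if p.get("localmaster", "yes").lower() in TRUE:
        findings.append("local-master-on")  # may win browser elections
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_browsing(conf, ["wlan0"]))
```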