Bug 113349

Summary: Printer configuration on fedora leaks SMB password
Product: [Fedora] Fedora
Reporter: Aaron Mizrachi <admin>
Component: cups
Assignee: Tim Waugh <twaugh>
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Version: 1
Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.unmanarc.com
Doc Type: Bug Fix
Last Closed: 2006-02-21 19:00:43 UTC

Description Aaron Mizrachi 2004-01-12 22:45:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
CUPS: Printer services

	When we configure and start an SMB printer, the Samba password is
passed on the command line; in fact this is a security weakness. A
malicious user can momentarily stop the 192.168.0.1 interface (by some
flood, RST flags, or something) and save "ps -aux" outputs frequently...:

root     14679  0.0  0.5  9624 2124 ?        S    04:02   0:00
smb://unmanarc:12345678.0.1/HP 2 unmanarc (stdin)

This shows the Samba user and password to all users of this "multi-user"
computer.



Version-Release number of selected component (if applicable):


How reproducible:
Sometimes

Steps to Reproduce:
While configuring the printer:

1. Configure a new SMB printer with redhat-config-printer-gui.
2. Before writing the SMB password and pressing enter, flood the network
with ARP/RST and other malicious packets to cause some latency on
network operations.
3. Use: "watch 'ps -aux | grep smb'" as some user, and...:
root     19025  0.8  0.6  8012 2384 ?        S    18:31   0:00
/usr/bin/smbclient //192.168.0.1/HP 12345678 -W unmanarc -c quit -U
unmanarc

buhala, IP, password, group, user are revealed.

If the printer is also configured, and when there are problems connecting to
192.168.0.1:
only
1. ps -aux

Actual Results:  Result 1 (when configuring): 
root     19025  0.8  0.6  8012 2384 ?        S    18:31   0:00
/usr/bin/smbclient //192.168.0.1/HP 12345678 -W unmanarc -c quit -U
unmanarc

Result 2 (when trying to connect):
root     14679  0.0  0.5  9624 2124 ?        S    04:02   0:00
smb://unmanarc:12345678.0.1/HP 2 unmanarc (stdin)



Expected Results:  Result 1 (when configuring): 
root     19025  0.8  0.6  8012 2384 ?        S    18:31   0:00
/usr/bin/smbclient //192.168.0.1/HP **** -W unmanarc -c quit -U unmanarc

Result 2 (when trying to connect):
root     14679  0.0  0.5  9624 2124 ?        S    04:02   0:00
smb://unmanarc:****@192.168.0.1/HP 2 unmanarc (stdin)


Additional info:

Passing passwords as plain text on the command line is a bad idea since
all Linux users can do "ps -aux".
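
An audit check for the two exposures shown in this report, added here as an example and not part of the original bug report or of CUPS: it scans "ps aux"-style lines for a password in a URI's userinfo or in smbclient's optional positional password argument, and returns each command with the secret masked. The sample lines, the host 192.0.2.10, the user alice, the password hunter2 and the auth-file path are constructed.

```python
import re

# Constructed "ps aux"-style lines modelled on the two cases in this report.
# The third line uses smbclient's -A (authentication file) option, so no
# secret appears in argv; /etc/cups/smb.auth is a hypothetical path.
SAMPLE_PS = """\
root     19025  0.8  0.6  8012 2384 ?        S    18:31   0:00 /usr/bin/smbclient //192.0.2.10/HP hunter2 -W office -c quit -U alice
root     14679  0.0  0.5  9624 2124 ?        S    04:02   0:00 smb://alice:hunter2@192.0.2.10/HP 2 alice (stdin)
alice    20111  0.0  0.1  4000 1000 pts/0    S    18:32   0:00 /usr/bin/smbclient //192.0.2.10/HP -A /etc/cups/smb.auth -c quit
"""

# scheme://user:PASSWORD@host  (group 2 is the secret)
URI_PW = re.compile(r"(\w+://[^\s:/@]+:)([^\s@/]+)(@)")

def redact_argv(argv):
    """Return (redacted argv, findings) for one process command line."""
    out, findings = list(argv), []
    for i, arg in enumerate(out):
        if URI_PW.search(arg):
            out[i] = URI_PW.sub(r"\1****\3", arg)
            findings.append("password in URI userinfo")
    # smbclient syntax: smbclient //server/share [password] [options]
    if len(out) > 2 and out[0].rsplit("/", 1)[-1] == "smbclient":
        if out[1].startswith("//") and not out[2].startswith("-"):
            out[2] = "****"
            findings.append("smbclient positional password")
    return out, findings

def audit(ps_text):
    """Scan ps aux output; return [(pid, finding, redacted command)]."""
    hits = []
    for line in ps_text.splitlines():
        cols = line.split(None, 10)  # 10 fixed columns, then the command
        if len(cols) < 11 or not cols[1].isdigit():
            continue  # header or truncated line
        argv, findings = redact_argv(cols[10].split())
        for finding in findings:
            hits.append((int(cols[1]), finding, " ".join(argv)))
    return hits

if __name__ == "__main__":
    for pid, finding, cmd in audit(SAMPLE_PS):
        print(f"pid {pid}: {finding}: {cmd}")
```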

Comment 1 Tim Waugh 2004-01-13 08:57:12 UTC

*** This bug has been marked as a duplicate of 101052 ***

Comment 2 Red Hat Bugzilla 2006-02-21 19:00:43 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.