From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1) Gecko/20031114

Description of problem:
CUPS: Printer services
When we configure and start an SMB printer, the Samba password is passed on the command line; in fact this is a security weakness. A malicious user can momentarily stop the 192.168.0.1 interface (by some flood, RST flags, or something) and save "ps -aux" outputs frequently...:

root 14679 0.0 0.5 9624 2124 ? S 04:02 0:00 smb://unmanarc:12345678.0.1/HP 2 unmanarc (stdin)

This shows the Samba user and password to all users of this "multi-user" computer.

Version-Release number of selected component (if applicable):

How reproducible:
Sometimes

Steps to Reproduce:
While configuring printer:
1. Configure a new SMB printer with redhat-config-printer-gui
2. Before writing the SMB password and pressing Enter, flood the network with ARP/RST and other malicious packets to cause some latency on network operations.
3. Use: "watch 'ps -aux | grep smb'" as some user, and...:

root 19025 0.8 0.6 8012 2384 ? S 18:31 0:00 /usr/bin/smbclient //192.168.0.1/HP 12345678 -W unmanarc -c quit -U unmanarc

buhala, IP, password, group, user are revealed.

If the printer is also configured, and when it has problems connecting to 192.168.0.1, only:
1. ps -aux

Actual Results:
Result 1 (when configuring):
root 19025 0.8 0.6 8012 2384 ? S 18:31 0:00 /usr/bin/smbclient //192.168.0.1/HP 12345678 -W unmanarc -c quit -U unmanarc

Result 2 (when trying to connect):
root 14679 0.0 0.5 9624 2124 ? S 04:02 0:00 smb://unmanarc:12345678.0.1/HP 2 unmanarc (stdin)

Expected Results:
Result 1 (when configuring):
root 19025 0.8 0.6 8012 2384 ? S 18:31 0:00 /usr/bin/smbclient //192.168.0.1/HP **** -W unmanarc -c quit -U unmanarc

Result 2 (when trying to connect):
root 14679 0.0 0.5 9624 2124 ? S 04:02 0:00 smb://unmanarc:****@192.168.0.1/HP 2 unmanarc (stdin)

Additional info:
Passing passwords as plain text on the command line is a bad idea, since all Linux users can do "ps -aux".
*** This bug has been marked as a duplicate of 101052 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
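
Added example, not part of the original report and not CUPS or Samba code: an audit check that takes `ps aux` rows, flags the two exposures described in the report (a positional smbclient password and a password inside an smb:// device URI), and prints the command masked the way the report's Expected Results show. The second sample row is constructed in the user:password@host form from the Expected Results, and the third row with its authentication-file path is a hypothetical clean case.

```python
import os
import re

# Credentials embedded in a device URI: smb://user:password@host/share
URI_CRED = re.compile(r"(smb://[^\s:/@]+:)[^\s@]+(@)")
MASK = "****"

def redact_argv(argv):
    """Return (redacted argv, finding labels) for one process command line."""
    out, findings = [], []
    for arg in argv:
        masked = URI_CRED.sub(r"\1" + MASK + r"\2", arg)
        if masked != arg:
            findings.append("password in smb:// URI")
        out.append(masked)
    # smbclient synopsis: smbclient //server/share [password] [options]
    for i, arg in enumerate(out[:-2]):
        if (os.path.basename(arg) == "smbclient"
                and out[i + 1].startswith("//")
                and not out[i + 2].startswith("-")):
            out[i + 2] = MASK
            findings.append("positional smbclient password")
    return out, findings

def scan_ps_line(line):
    """Split one `ps aux` row (10 columns, then the command) and redact it."""
    fields = line.split(None, 10)
    if len(fields) < 11:
        return None  # header fragment or truncated row
    argv, findings = redact_argv(fields[10].split())
    return {"user": fields[0], "pid": int(fields[1]),
            "command": " ".join(argv), "findings": findings}

SAMPLE = [
    # Row quoted in the report (Result 1).
    "root 19025 0.8 0.6 8012 2384 ? S 18:31 0:00 /usr/bin/smbclient "
    "//192.168.0.1/HP 12345678 -W unmanarc -c quit -U unmanarc",
    # Constructed row, URI written in the form of the report's Expected Results.
    "root 14679 0.0 0.5 9624 2124 ? S 04:02 0:00 "
    "smb://unmanarc:12345678@192.168.0.1/HP 2 unmanarc (stdin)",
    # Constructed clean row: credentials kept in a file (hypothetical path).
    "root 20111 0.0 0.5 8012 2384 ? S 18:40 0:00 /usr/bin/smbclient "
    "//192.168.0.1/HP -A /etc/cups/smb.auth -c quit",
]

if __name__ == "__main__":
    for row in SAMPLE:
        hit = scan_ps_line(row)
        if hit and hit["findings"]:
            print(hit["pid"], ", ".join(hit["findings"]), "->", hit["command"])
```
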