Bug 113349 - Printer configuration on fedora leaks SMB password
Status: CLOSED DUPLICATE of bug 101052
Product: Fedora
Classification: Fedora
Component: cups
Version: 1
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Tim Waugh
URL: http://www.unmanarc.com
Keywords: Security
Reported: 2004-01-12 17:45 EST by Aaron Mizrachi
Modified: 2007-11-30 17:10 EST
Last Closed: 2006-02-21 14:00:43 EST
Description Aaron Mizrachi 2004-01-12 17:45:41 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
CUPS: Printer services

	When we configure and start an SMB printer, the Samba password is
passed on the command line; in fact, this is a security weakness. A
malicious user can momentarily stop the 192.168.0.1 interface (by some
flood, RST flags, or something) and save "ps -aux" outputs frequently...:

root     14679  0.0  0.5  9624 2124 ?        S    04:02   0:00
smb://unmanarc:12345678@192.168.0.1/HP 2 unmanarc (stdin)

This shows the Samba user and password to all users of this "multi-user"
computer.



Version-Release number of selected component (if applicable):


How reproducible:
Sometimes

Steps to Reproduce:
While configuring printer:

1. Configure a new SMB printer with redhat-config-printer-gui
2. Before writing the SMB password and pressing Enter, flood the network
with ARP/RST and other malicious packets to cause some latency on
network operations.
3. Use: "watch 'ps -aux | grep smb'" as some user, and...:
root     19025  0.8  0.6  8012 2384 ?        S    18:31   0:00
/usr/bin/smbclient //192.168.0.1/HP 12345678 -W unmanarc -c quit -U
unmanarc

Voilà, IP, password, group, user are revealed.

If the printer is also configured, and there are problems connecting to
192.168.0.1:
only
1. ps -aux

Actual Results:  Result 1 (when configuring): 
root     19025  0.8  0.6  8012 2384 ?        S    18:31   0:00
/usr/bin/smbclient //192.168.0.1/HP 12345678 -W unmanarc -c quit -U
unmanarc

Result 2 (when trying to connect):
root     14679  0.0  0.5  9624 2124 ?        S    04:02   0:00
smb://unmanarc:12345678@192.168.0.1/HP 2 unmanarc (stdin)



Expected Results:  Result 1 (when configuring): 
root     19025  0.8  0.6  8012 2384 ?        S    18:31   0:00
/usr/bin/smbclient //192.168.0.1/HP **** -W unmanarc -c quit -U unmanarc

Result 2 (when trying to connect):
root     14679  0.0  0.5  9624 2124 ?        S    04:02   0:00
smb://unmanarc:****@192.168.0.1/HP 2 unmanarc (stdin)


Additional info:

Passing passwords as plain text on the command line is a bad idea, since
all Linux users can run "ps -aux".
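
An audit sketch for the two exposures listed under "Actual Results", added here as an example (it is not part of the original report and is not CUPS or Samba code): it flags a password in an smb:// URI or in smbclient's positional password slot and produces the masked form shown under "Expected Results". The function names are hypothetical; the first two sample lines are the command lines quoted in the report and the third is constructed.

```python
import re

# Command lines as they appear in the ps output quoted in the report,
# plus one constructed line that carries no password.
SAMPLE_CMDLINES = [
    "smb://unmanarc:12345678@192.168.0.1/HP 2 unmanarc (stdin)",
    "/usr/bin/smbclient //192.168.0.1/HP 12345678 -W unmanarc -c quit -U unmanarc",
    "/usr/bin/smbclient //192.168.0.1/HP -W unmanarc -c quit -U unmanarc",  # constructed
]

# smb://user:password@host/... ; the greedy \S+ runs to the last '@' in the
# token, so a password that itself contains '@' is masked whole.
URI_PASSWORD = re.compile(r"(smb://[^\s:/@]+:)(\S+)(@)")


def mask_cmdline(cmdline):
    """Return (masked_cmdline, findings) for one ps-style command line."""
    findings = []
    masked, hits = URI_PASSWORD.subn(r"\1****\3", cmdline)
    if hits:
        findings.append("password in smb:// URI")
    # ps joins argv with spaces, so quoting is already lost; split on whitespace.
    tokens = masked.split()
    for i, tok in enumerate(tokens):
        if tok.rsplit("/", 1)[-1] != "smbclient":
            continue
        # smbclient takes "service [password] [options]": a non-option token
        # directly after the //host/share service name is the password.
        rest = tokens[i + 1:i + 3]
        if len(rest) == 2 and rest[0].startswith("//") and not rest[1].startswith("-"):
            tokens[i + 2] = "****"
            findings.append("password as smbclient positional argument")
        break
    return " ".join(tokens), findings


def audit(cmdlines):
    """Return [(masked, findings)] for every command line that exposes a secret."""
    results = [mask_cmdline(line) for line in cmdlines]
    return [(masked, found) for masked, found in results if found]


if __name__ == "__main__":
    for masked, found in audit(SAMPLE_CMDLINES):
        print(f"{'; '.join(found)}: {masked}")
```

Masking a report this way only helps the auditor avoid copying the secret into logs; the argument itself stays readable in the process list until the program stops receiving it on the command line.
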
Comment 1 Tim Waugh 2004-01-13 03:57:12 EST

*** This bug has been marked as a duplicate of 101052 ***
Comment 2 Red Hat Bugzilla 2006-02-21 14:00:43 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.
