
Bug#394835: cupsys-client: cupsaddsmb leaks password information to everybody



Package: cupsys-client
Version: 1.1.23-10sarge1
Severity: grave
Tags: security
Justification: user security hole


Hi.

I just noticed that command 'cupsaddsmb' uses

    smbclient -U'USER%PASSWORD'

to establish a connection to the SMB server. This command line is
visible to everybody on the system running 'cupsaddsmb', meaning
that the password can easily be copied by an average user and used
for malicious manipulations of printer drivers later installed via
Samba printing services.

I'd suggest that 'cupsaddsmb' use smbclient's -A option to pass
authentication information to smbclient in a secure way.
Alternatively, process environment ($PASSWD) may also be an option.

Cheers,
Alex

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.17-2-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages cupsys-client depends on:
ii  adduser               3.63               Add and remove users and groups
ii  libc6                 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii  libcupsys2-gnutls10   1.1.23-10sarge1    Common UNIX Printing System(tm) - 
ii  zlib1g                1:1.2.2-4.sarge.2  compression library - runtime

-- no debconf information
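An added example, not part of this bug report or of the CUPS/Samba code: an audit helper an administrator could run over /proc/<pid>/cmdline contents to spot the `-U user%password` pattern described above, reporting only the affected username and a redacted argv. The pids, usernames and cmdline contents are constructed, and the function names are hypothetical.

```python
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed sample of /proc/<pid>/cmdline contents (argv joined by NUL),
# modelled on the invocation the bug report describes. The shell turns
# -U'USER%PASSWORD' into the single argv entry "-UUSER%PASSWORD".
SAMPLE_CMDLINES: Dict[int, str] = {
    1234: "smbclient\0-Uprintadmin%s3cret\0//printsrv/print$\0",
    1235: "smbclient\0-U\0printadmin%s3cret\0//printsrv/print$\0",
    1236: "smbclient\0-A\0/root/.smbcreds\0//printsrv/print$\0",  # -A: no leak
    1237: "smbclient\0-U\0printadmin\0//printsrv/print$\0",  # no password
}

def parse_cmdline(raw: str) -> List[str]:
    """Split NUL-separated cmdline text into argv, dropping empty entries."""
    return [a for a in raw.split("\0") if a]

def _user_values(argv: List[str]) -> Iterator[Tuple[int, str, str]]:
    """Yield (argv index, option prefix, value) for each -U/--user form."""
    for i, arg in enumerate(argv):
        if arg in ("-U", "--user") and i + 1 < len(argv):
            yield i + 1, "", argv[i + 1]
        elif arg.startswith("-U") and len(arg) > 2:
            yield i, "-U", arg[2:]
        elif arg.startswith("--user="):
            yield i, "--user=", arg[len("--user="):]

def leaked_user(argv: List[str]) -> Optional[str]:
    """Username whose password is exposed as user%password, else None.
    The password itself is deliberately never returned."""
    for _, _, value in _user_values(argv):
        if "%" in value:
            return value.split("%", 1)[0]
    return None

def redact_argv(argv: List[str]) -> List[str]:
    """Copy of argv with user%password reduced to user%*** for safe logging."""
    out = list(argv)
    for i, prefix, value in _user_values(argv):
        if "%" in value:
            out[i] = prefix + value.split("%", 1)[0] + "%***"
    return out

def scan_cmdlines(cmdlines: Dict[int, str]) -> Dict[int, str]:
    """Map pid -> username for every process exposing a password in argv."""
    return {pid: user for pid, raw in cmdlines.items()
            if (user := leaked_user(parse_cmdline(raw))) is not None}

if __name__ == "__main__":
    for pid, user in scan_cmdlines(SAMPLE_CMDLINES).items():
        print(pid, user, redact_argv(parse_cmdline(SAMPLE_CMDLINES[pid])))
```

On a live Linux host, feed it the contents of each /proc/<pid>/cmdline instead of SAMPLE_CMDLINES; the same check applies to any tool that accepts user%password on its command line, not only smbclient.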