OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Packages
  • Assigned To No-one
  • Operating System All
  • Severity High
  • Priority Very Low
  • Reported Version All
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Luca Piccirillo - 19.06.2019

FS#2330 - Samba - smb.conf templating allows arbitrary injections of samba configurations

First, I have to say I’m not 100% sure it is something to be addressed within samba package itself, so forgive me if this is something you have already evaluated as not being an issue.

In short, something like that works:

 […]
    option workgroup 'WORKGROUP\
    security = share\
    guest account = root\
    interfaces = lo br-lan\
\
[ohnonotagain]'

I’m not sure this works in plain openwrt images, but there exists a widely deployed commercial fork of openwrt which is definitely vulnerable to some exploit chain involving this one in the middle.
You could argue that the right of modifying uci config already gives an equivalent authorization level, or this should have been sanitized at user interface. So, is this something you consider safe?
