[FS#2330] Samba - smb.conf templating allows arbitrary injections of samba configurations
OpenWrt Bugs
openwrt-bugs at lists.openwrt.org
Mon Aug 17 04:08:38 EDT 2020
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
The following task has a new comment added:
FS#2330 - Samba - smb.conf templating allows arbitrary injections of samba configurations
User who did this - telia (telia)
----------
Vulnerable code is:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/services/samba36/files/samba.init;h=1c5bb3b3c43eacc6ee3a181a16b63c906365b81b;hb=refs/heads/openwrt-18.06#l32
32 sed -e "s#|NAME|#$name#g" \
33 -e "s#|WORKGROUP|#$workgroup#g" \
34 -e "s#|DESCRIPTION|#$description#g" \
35 -e "s#|INTERFACES|#$interfaces#g" \
36 -e "s#|CHARSET|#$charset#g" \
37 /etc/samba/smb.conf.template > /var/etc/smb.conf
Any variables passed into sed like $name, $workgroup and others must be sanitized, and all control symbols such as "#" replaced or properly escaped.
----------
More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=2330#comment8671
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
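
One way to do the escaping the comment above asks for, as an added example (not OpenWrt's code and not part of the original message). The function names, the stdin-based template and the sample values are assumptions made for illustration, and rejecting multi-line values is an added policy choice.

```shell
#!/bin/sh
# Added example, not OpenWrt's code: escape UCI values before they reach sed.
NL='
'
CR=$(printf '\r')

# Escape a value for the replacement side of sed 's#...#...#'.
# There, '\' starts an escape, '&' means "the whole match" and '#' is the
# delimiter chosen by samba.init, so each gets a leading backslash.
sed_escape_repl() {
	case "$1" in
		# Assumption: no legitimate value spans lines. A newline would end
		# the sed command early and could add a line to smb.conf.
		*"$NL"*|*"$CR"*) return 1 ;;
	esac
	printf '%s' "$1" | sed -e 's/[\\&#]/\\&/g'
}

# Render a template read from stdin; arguments: name workgroup description.
# Hypothetical helper covering three of the five placeholders.
render_smb_conf() {
	r_name=$(sed_escape_repl "$1") || return 1
	r_wg=$(sed_escape_repl "$2") || return 1
	r_desc=$(sed_escape_repl "$3") || return 1
	sed -e "s#|NAME|#${r_name}#g" \
	    -e "s#|WORKGROUP|#${r_wg}#g" \
	    -e "s#|DESCRIPTION|#${r_desc}#g"
}

# Constructed sample: a description containing the delimiter and '&'.
render_smb_conf 'OpenWrt' 'WORKGROUP' 'lab #2 & spare' <<'EOF'
[global]
	netbios name = |NAME|
	workgroup = |WORKGROUP|
	server string = |DESCRIPTION|
EOF
```

With the escaping in place the sample description is written to the output literally, instead of "#" being read by sed as the end of the replacement.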