[FS#2330] Samba - smb.conf templating allows arbitrary injections of samba configurations

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Mon Aug 17 04:08:38 EDT 2020


THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has a new comment added:

FS#2330 - Samba - smb.conf templating allows arbitrary injections of samba configurations
User who did this - telia (telia)

----------
Vulnerable code is:

https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/services/samba36/files/samba.init;h=1c5bb3b3c43eacc6ee3a181a16b63c906365b81b;hb=refs/heads/openwrt-18.06#l32


  32         sed -e "s#|NAME|#$name#g" \
  33             -e "s#|WORKGROUP|#$workgroup#g" \
  34             -e "s#|DESCRIPTION|#$description#g" \
  35             -e "s#|INTERFACES|#$interfaces#g" \
  36             -e "s#|CHARSET|#$charset#g" \
  37             /etc/samba/smb.conf.template > /var/etc/smb.conf


Any variables passed into sed like $name, $workgroup and others must be sanitized and all control symbols such as "#" replaced or properly escaped.
----------

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=2330#comment8671

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
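One way to apply the escaping the comment above asks for, as an added example that is not part of the original message and not OpenWrt's actual fix. The function names are hypothetical and the template and values are constructed. It goes beyond "#" to also escape backslash and "&", which are special in a sed replacement, and to refuse multi-line values.

```shell
#!/bin/sh
# Added example, not OpenWrt code. Function names are hypothetical.

# Escape a value for the replacement half of sed "s#...#...#".
# Backslash, the "#" delimiter and "&" (whole-match reference) each get a
# leading backslash so sed treats them as literal characters.
sed_escape_repl() {
	printf '%s' "$1" | sed -e 's/[\\#&]/\\&/g'
}

# A value must stay on one smb.conf line: refuse embedded LF or CR.
is_single_line() {
	cr=$(printf '\r')
	case "$1" in
		*"
"*|*"$cr"*) return 1 ;;
	esac
	return 0
}

# Render a template read from stdin. $1 = name, $2 = workgroup.
# Runs in a subshell so a rejected value aborts only this call.
render_smb_conf() (
	name=$1
	workgroup=$2
	for v in "$name" "$workgroup"; do
		is_single_line "$v" || {
			echo "refusing multi-line value" >&2
			exit 1
		}
	done
	sed -e "s#|NAME|#$(sed_escape_repl "$name")#g" \
	    -e "s#|WORKGROUP|#$(sed_escape_repl "$workgroup")#g"
)

# Constructed template and values: the special characters end up in the
# output as plain text instead of being interpreted by sed.
printf '%s\n' 'netbios name = |NAME|' 'workgroup = |WORKGROUP|' |
	render_smb_conf 'lab#net&1' 'WORKGROUP'
```

Escaping only protects the sed expression; which characters are acceptable in each smb.conf option still has to be validated where the value is set.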


