[Bug 958831] Re: Samba rebroadcasts information it should not

[Clint Byrum]

I think its a valid idea to make that the default configuration.
Consideration must be given to the effect that would have on both casual
home network users and corporate users, but it should at least be
considered. For that reason, I'll leave this as 'New' while developers
consider it, and set the priority to Medium, since it has a workaround.

** Changed in: samba (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/958831

Title:
  Samba rebroadcasts information it should not

Status in “samba” package in Ubuntu:
  New

Bug description:
  I think I have found a Samba security concern. When connecting to a
  secure network via OpenVPN, secure samba LMB server announces shares
  to the client on the other end of the encrypted tunnel. Samba on the
  client end takes this information and rebroadcasts it on the insecure
  network, providing insight into what would otherwise be a secure
  network.

  Use case:
  Jim goes to Starbucks, connects to wiki,  and secures an OpenVPN connection with his work.
  After connecting, server sends a Samba share list.
  His samba client rebroadcasts it so that everyone at Starbucks can see the shares.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: samba (not installed)
  ProcVersionSignature: Ubuntu 3.2.0-19.30-generic-pae 3.2.11
  Uname: Linux 3.2.0-19-generic-pae i686
  NonfreeKernelModules: wl
  ApportVersion: 1.94.1-0ubuntu2
  Architecture: i386
  Date: Sun Mar 18 16:29:47 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20120222)
  ProcEnviron:
   TERM=xterm
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: samba
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/958831/+subscriptions