[Bug 380272] [NEW] /etb/mtab shows cifs mount options usernames and password

Launchpad Bug Tracker 380272 at bugs.launchpad.net
Wed Jun 3 22:56:56 BST 2009


*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

Binary package hint: mount

When mounting CIFS share you can read all mount options from /etc/mtab.
This is major security risk if you are using shared network resources.
Here is example of mine cifs mount information:

//192.168.1.10/Te****t /home/<username>/Mount/Te****t cifs
rw,username=<username>,password=<password>,iocharset=utf8,file_mode=0777,dir_mode=0777,uid=1000
0 0

I found this on Ubuntu 8.10 server and 9.10 desktop edition.

Could this one fix it : 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298725

- Terrrorr

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
/etb/mtab shows cifs mount options usernames and password
https://bugs.edge.launchpad.net/bugs/380272
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu.



More information about the Ubuntu-server-bugs mailing list