Bug 56499 - Normal users can access /var/univention-backup/samba
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 5.0
Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-4-errata
Assigned To: Arvid Requate
QA Contact: Juan Pedro Torres
URL: https://git.knut.univention.de/univen...
Depends on:
Blocks: 56501 56516
Reported: 2023-08-29 10:35 CEST by Arvid Requate
Modified: 2023-11-01 14:58 CET (History)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 8.2 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Description Arvid Requate univentionstaff 2023-08-29 10:35:27 CEST
The permissions for /var/univention-backup/samba are not strict enough. By default that is not a problem, because UCS Samba/AD DCs are only accessible via ssh for "Domain Admins" but not for "Domain Users" by default. Yet, it's too easy for Administrators to shoot themselves in the foot this way.
Comment 1 Arvid Requate univentionstaff 2023-08-29 13:40:28 CEST
e693391857 | Tighten access to /var/univention-backup/samba

Package: univention-samba4
Version: 9.0.13-7
Branch: ucs_5.0-0
Scope: errata5.0-4
Comment 2 Juan Pedro Torres univentionstaff 2023-08-29 13:54:29 CEST
OK: root@master:~# ls -la /var/univention-backup/
total 16
drwxr-xr-x  4 root root 4096 ago 29 13:29 .
drwxr-xr-x 14 root root 4096 ago 29 12:25 ..
drwxr-xr-x  2 root root 4096 feb  3  2023 etc
drwx------  2 root root 4096 ago 15 16:00 samba
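The check QA ran in Comment 2 and the tightening the fix applies, as an added audit script (not code from this bug or from the univention-samba4 package): the directory path defaults to the one named in the description but is a parameter, so the script can be exercised on a scratch directory before it is run on a DC.

```sh
#!/bin/sh
# Added example, not code from the bug or from univention-samba4.
# Audits the mode of the Samba backup directory and optionally tightens it.
# The default path is the one named in the bug; any directory can be passed.

# Exit status: 0 if group and others have no access bits at all,
# 1 if the directory does not exist, 2 if any group/other bit is set.
backup_dir_mode_ok() {
    dir="${1:-/var/univention-backup/samba}"
    [ -d "$dir" ] || return 1
    # In the ls -ld mode string, characters 5-10 are the group and other bits.
    go_bits=$(ls -ld "$dir" | cut -c5-10)
    [ "$go_bits" = "------" ] && return 0
    return 2
}

# Print the owning user (third field of ls -ld); on a DC this should be root.
backup_dir_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# Report on one directory in the style of the QA check in Comment 2.
# Exit status is that of backup_dir_mode_ok.
audit_samba_backup() {
    dir="${1:-/var/univention-backup/samba}"
    backup_dir_mode_ok "$dir" && rc=0 || rc=$?
    case "$rc" in
        0) echo "OK: $(ls -ld "$dir" | cut -c1-10) owner=$(backup_dir_owner "$dir") $dir" ;;
        1) echo "MISSING: $dir" ;;
        *) echo "TOO OPEN: $(ls -ld "$dir" | cut -c1-10) owner=$(backup_dir_owner "$dir") $dir" ;;
    esac
    return "$rc"
}

# Tighten to owner-only access (drwx------, the mode shown after the fix) and re-check.
tighten_backup_dir() {
    dir="${1:-/var/univention-backup/samba}"
    chmod 0700 "$dir" || return 1
    backup_dir_mode_ok "$dir"
}
```

Source the file on a DC and call `audit_samba_backup` with no argument to check the real directory; `tighten_backup_dir` applies the same mode the errata update leaves behind and should be run as root.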
Comment 4 Arvid Requate univentionstaff 2023-11-01 14:54:47 CET
This is tracked as CVE-2023-44465.