Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Cleartext SMB passwords in Novell Desktop Linux using KDE
.

  • To: [EMAIL PROTECTED]
  • Subject: Cleartext SMB passwords in Novell Desktop Linux using KDE
  • From: Mike DeMaria <[EMAIL PROTECTED]>
  • Date: Tue, 7 Dec 2004 16:16:09 -0500
.
 
Exploit: When creating a symbolic link to a file or folder located on a SMB network share using KDE, the user's name and password are displayed in clear text on the desktop. The login name and password are also in the link file's meta data in addition to the actual filename itself.
Systems affected: Novell Desktop Linux 9 when using KDE (release 3.2.1). Other distributions with KDE may be affected as well. I couldn't reproduce this on Fedora Core 3. I tried performing the same action on Novell Desktop Linux 9 with Gnome, but the GUI wouldn't let me create a symbolic link to a shared file/folder. I'm not sure if other distributions are affected.
Priority: Relatively low. Files readable by other users on the system may be able to read the meta data or file name, thus disclosing a user's password. Anyone looking over your shoulder while or after performing this action will be able to see your password.
Temporary workaround: Don't create symbolic links to networked files and folders if using KDE. The correct thing for the system to do is not put the username and password information in the filename, meta data or URL field. These should either be stored in an encrypted key repository (like Apple's Keychain) or requested every time the user accesses the network share.
Vendor status: Contact with Novell occurred on November 16, 2004. Vendor claims a fix should be out soon. 

Steps to perform the exploit:
Install NLD with KDE (either default to KDE or choose to install both KDE and Gnome) 
Log in via KDE.
Open Network Browser.
Open Windows Network.
Find an SMB Windows share.
Authenticate to the share.
Left click on a file or folder, drag it to the desktop, select "Link Here". 
A file will be created on the desktop.

File name is:
smb://username:[EMAIL PROTECTED]/path/to/file
It puts the username and password both in clear text on the desktop, in plain site of everyone. These also appear in the URL and Meta Info property location.
When I try doing that in Gnome, I get a message "Error 'Unsupported operation' while creating a link to smb://server/path/to/file" and it doesn't create the link. 

________________________________________________________
Mike DeMaria			Associate Technology Editor
[EMAIL PROTECTED]	Network Computing Magazine, CMP Media
Never apply a Star Trek solution to a Babylon 5 problem.
________________________________________________________
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.