*** This bug is a security vulnerability *** Public security bug reported:
In Quantal, as a guest user you can create a network connection with an arbitrary mac address - I take that as a security hole (being able to break another machine on the network). (actually in this case the guest user you get to register a remote desktop account, you can get a terminal in it - that might be another security issue) Go to the network manager icon and edit connections Wired network Add connection Choose the eth0/deault device mac address Type in a MAC address of your own evil making in the 'cloned mac address' box Untick 'available to all users' and Save Now, you have a new connection, but it's not up Open a terminal and use nmcli con to list the network connections, and note the UUID of your new one. Now do nmcli con up uuid ..... where ..... is the UUID you just got. You're now spoofing someone elses MAC address. ProblemType: Bug DistroRelease: Ubuntu 12.10 Package: network-manager 0.9.6.0-0ubuntu7 ProcVersionSignature: Ubuntu 3.5.0-15.22-generic 3.5.4 Uname: Linux 3.5.0-15-generic x86_64 ApportVersion: 2.5.2-0ubuntu4 Architecture: amd64 CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. Date: Sun Sep 23 16:41:47 2012 IfupdownConfig: auto lo iface lo inet loopback InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Alpha amd64+mac (20120905.2) IpRoute: default via 192.168.122.1 dev eth0 proto static 169.254.0.0/16 dev eth0 scope link metric 1000 192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.34 metric 1 IwConfig: eth0 no wireless extensions. lo no wireless extensions. NetworkManager.state: [main] NetworkingEnabled=true WirelessEnabled=true WWANEnabled=true WimaxEnabled=true ProcEnviron: LANGUAGE=en_GB:en TERM=xterm PATH=(custom, no user) LANG=en_GB.UTF-8 SHELL=/bin/bash RfKill: SourcePackage: network-manager UpgradeStatus: No upgrade log present (probably fresh install) nmcli-con: NAME UUID TYPE TIMESTAMP TIMESTAMP-REAL AUTOCONNECT READONLY DBUS-PATH Wired connection 1 90a0ede6-43a8-4ad1-a26c-b17a52146725 802-3-ethernet 1348414780 Sun 23 Sep 2012 16:39:40 BST yes no /org/freedesktop/NetworkManager/Settings/0 nmcli-dev: DEVICE TYPE STATE DBUS-PATH eth0 802-3-ethernet connected /org/freedesktop/NetworkManager/Devices/0 nmcli-nm: RUNNING VERSION STATE NET-ENABLED WIFI-HARDWARE WIFI WWAN-HARDWARE WWAN running 0.9.6.0 connected enabled enabled enabled enabled disabled ** Affects: network-manager (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug quantal running-unity -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1055068 Title: Guest user can use arbitrary MAC addresses To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1055068/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs