ports/72867: [PATCH] unsecure smbldap-passwd from net/smbldap-tools when changin LDAP password

Pawel Wielebap wielebap at iem.pw.edu.pl
Tue Oct 19 10:30:21 UTC 2004

>Number:         72867
>Category:       ports
>Synopsis:       [PATCH] unsecure smbldap-passwd from net/smbldap-tools when changin LDAP password
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 19 10:30:20 GMT 2004
>Originator:     Pawel Wielebap
>Release:        FreeBSD 6.0
FreeBSD volt.iem.pw.edu.pl 6.0-CURRENT FreeBSD 6.0-CURRENT #0:
A problem and the solution is described in the article:
I also enclosed there 2 specific script modifications which can do as main passwd programme, and can be run in setuid mode.

- Script smbldap-passwd cannot be run with perl -T (taint) option turned on.
- If slappasswd is not available userPassword field is still modified with the empty password!!! and samba password is still modified with the entered password.
- Script smbldap-passwd requires slappasswd to generate password and this is not configurable. Slappasswd is an external programme so it is rather not as secure as using perl libraries.

Rename /usr/local/sbin/slappasswd and run smbldap-passwd. An empty password will be applied.

Use tainted password like: 'pass; rm -R ~;'
A modified port can be downloaded from:

I have rebuild the structure of smbldap-passwd script.
This script can be downloaded from:
I don't place the code here because it is very long, so please download it from my web.

You have to apply a patch to /usr/local/etc/smbldap-tools/smbldap.conf
It can be downloaded from:
The patch:
% cat smbldap.conf.diff-freebsd
--- smbldap.conf.orig   Tue Oct 19 11:41:37 2004
+++ smbldap.conf        Tue Oct 19 11:42:43 2004
@@ -106,7 +106,7 @@
 # Default scope Used

-# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)
+# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)

 # if hash_encrypt is set to CRYPT, you may set a salt format.
@@ -189,4 +189,10 @@
 # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
 # prefer Crypt::SmbHash library
+# Allows not tu use slappasswd (if without_slappasswd == 1 in smbldap_conf.pm)
+# but prefer Crypt:: libraries


More information about the freebsd-ports-bugs mailing list