network-manager-openvpn leaks DNS information on Ubuntu 18.04

Bug #1796648 reported by Gijs Molenaar on 2018-10-08
270
This bug affects 2 people
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Undecided
Unassigned

Bug Description

By default when adding a VPN configuration on Ubuntu 18.04 the DNS configuration supplied by DHCP is not used, resulting in DNS leakage.

How to reproduce:

* Add VPN configuration, for example, import a ovpn file
* activate
* Check for DNS leakage at for example https://www.dnsleaktest.com/

This has been reported at various locations:

https://github.com/systemd/systemd/issues/7182
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1690860
https://github.com/eduvpn/python-eduvpn-client/issues/160

The issue has been solved since network-manage-open version 1.12.0:

https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/issues/10

This version or a more recent version is part of Ubuntu 18.10 which doesn't have this issue.

A workaround is to run:

$ systemd-resolve -i tun2 --set-domain=~.

where tun2 is your VPN interface.

We think this is a security issue and at least a backport of network-manage-open > 1.12.0 should be uploaded to the archive.

greetings,

 - Gijs

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: network-manager 1.10.6-2ubuntu1
ProcVersionSignature: Ubuntu 4.15.0-36.39-generic 4.15.18
Uname: Linux 4.15.0-36-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Mon Oct 8 11:19:00 2018
IfupdownConfig:
 # interfaces(5) file used by ifup(8) and ifdown(8)
 auto lo
 iface lo inet loopback
InstallationDate: Installed on 2018-06-06 (123 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
IpRoute:
 default via 192.168.178.1 dev enp6s0 proto dhcp metric 100
 169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
 192.168.178.0/24 dev enp6s0 proto kernel scope link src 192.168.178.61 metric 100
NetworkManager.state:
 [main]
 NetworkingEnabled=true
 WirelessEnabled=true
 WWANEnabled=true
RfKill:

SourcePackage: network-manager
UpgradeStatus: No upgrade log present (probably fresh install)
nmcli-nm:
 RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW WIFI WWAN-HW WWAN
 running 1.10.6 connected started full enabled enabled enabled enabled enabled

Gijs Molenaar (gijzelaar) wrote :
affects: network-manager (Ubuntu) → network-manager-openvpn (Ubuntu)
Seth Arnold (seth-arnold) wrote :
information type: Private Security → Public Security
Changed in network-manager-openvpn (Ubuntu):
status: New → Confirmed
Seth Arnold (seth-arnold) wrote :

The suggested fix is quite a lot of code churn; I don't know if the security process or SRU process would be more appropriate for this much change. Thoughts?

Thanks

Sebastien Bacher (seb128) wrote :

The issue is the same than bug #1754671 right?

@Seth, security pocket or not would depends of how much the security team consider of an important security problem...

Seth Arnold (seth-arnold) wrote :

Sebastien, it certainly does look like 1754671. Thanks

fessmage (fessmage) on 2018-11-02
no longer affects: network-manager-openvpn
fessmage (fessmage) wrote :

There are mistypes in head message and title - it is not network-manager-openvpn leak dns, but network-manager itself. And version with fix - network-manager 1.12. I hope fix will be backported to 1.10 for Ubuntu 18.04 (https://bugzilla.gnome.org/show_bug.cgi?id=746422#c56)

Gijs Molenaar (gijzelaar) wrote :

Yes a backport would be great.

affects: network-manager-openvpn (Ubuntu) → network-manager (Ubuntu)
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.