I think I have found a Samba security concern. When connecting to a secure network via OpenVPN, secure samba LMB server announces shares to the client on the other end of the encrypted tunnel. Samba on the client end takes this information and rebroadcasts it on the insecure network, providing insight into what would otherwise be a secure network.
Use case:
Jim goes to Starbucks, connects to wiki, and secures an OpenVPN connection with his work.
After connecting, server sends a Samba share list.
His samba client rebroadcasts it so that everyone at Starbucks can see the shares.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: samba (not installed)
ProcVersionSignature: Ubuntu 3.2.0-19.30-generic-pae 3.2.11
Uname: Linux 3.2.0-19-generic-pae i686
NonfreeKernelModules: wl
ApportVersion: 1.94.1-0ubuntu2
Architecture: i386
Date: Sun Mar 18 16:29:47 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha i386 (20120222)
ProcEnviron:
TERM=xterm
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)
This is how the smb protocol browsing is designed to function.
If you don't want your workstation to act as a master browser, you need to turn off the options in smb.conf. Maybe something like this?
[global]
domain master = no
local master = no
preferred master = no
os level = 0