http://www.heise.de/...rn-1518799.html
Maybe one of the devs can briefly let us know when the package in the PLi repository is fixed.
Thanks
Samba server critical vulnerability
Started by hypnotoad, 11 Apr 2012 15:56
6 replies to this topic
Re: Samba server critical vulnerability #2
Re: Samba server critical vulnerability #3
Re: Samba server critical vulnerability #4
Posted 24 April 2012 - 15:11
The samba server on the box gives away free root access to everyone. You cannot have a leak in something that's basically a big gaping hole.
hehe, Nice
Lot of sleepless time for some people!
Hardware: Master VU Uno 4K SE 1x Mut@nt HD51.4K & 2x ZgemmaH9T
Software : Pli (v7) (7.1rc) 2019
Re: Samba server critical vulnerability #5
Posted 25 April 2012 - 18:14
Is this a joke, milo? Even more dangerous that the smbd is installed by default.
For me it's no problem, the first thing I do after flashing is to remove the smb package.
OK, most people use the box behind a NAT, but I guess it would be a good idea to inform the users of this security issue.
Edited by hypnotoad, 25 April 2012 - 18:15.
Re: Samba server critical vulnerability #6
Posted 25 April 2012 - 18:45
No joke. It has always been like that.
The default password is blank. It also runs telnet, HTTP and FTP servers that require no authentication whatsoever. Maybe I forgot some other service.
Bottom line: Don't put the box on the (inter)net without a router in between, and don't forward any port except 22 (ssh), which is the one and only secure thing the box has. Anything else (including HTTPS) should never be allowed outside your LAN, with or without passwords.
And no, we're not gonna change that.
Real musicians never die - they just decompose
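The advice in the post above can be checked on the box itself. The following is an added example, not code from the thread or from the project: it parses a `/proc/net/tcp` table and sorts listening ports into the one the post says may be forwarded (22) and those that should stay on the LAN. The sample table is constructed, and the port-to-service names are the standard defaults, assumed rather than read from the box.

```python
import socket
import struct

FORWARD_OK = {22}   # per the thread: ssh is the only port to forward
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http",
            139: "smb", 443: "https", 445: "smb"}   # standard default ports
LISTEN = "0A"       # state code for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (little-endian host), not real data.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   3: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   4: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   5: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0
   6: 0A01A8C0:0016 0201A8C0:D2F0 01 00000000:00000000 02:000A0000 00000000 0
"""

def listening(table, little_endian=True):
    """Yield (ip, port) for each socket in LISTEN state."""
    fmt = "<I" if little_endian else ">I"   # kernel prints host byte order
    for line in table.splitlines()[1:]:     # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:
            continue
        addr_hex, port_hex = cols[1].split(":")
        ip = socket.inet_ntoa(struct.pack(fmt, int(addr_hex, 16)))
        yield ip, int(port_hex, 16)

def audit(table, little_endian=True):
    """Sort listeners into forwardable, LAN-only and loopback-only."""
    report = {"forward_ok": [], "lan_only": [], "loopback": []}
    for ip, port in listening(table, little_endian):
        if ip.startswith("127."):
            key = "loopback"
        elif port in FORWARD_OK:
            key = "forward_ok"
        else:
            key = "lan_only"
        report[key].append((port, SERVICES.get(port, "unknown")))
    return report

if __name__ == "__main__":
    # On the box itself: audit(open("/proc/net/tcp").read())
    for key, items in audit(SAMPLE).items():
        for port, name in sorted(items):
            print(f"{key:10} {port:5} {name}")
```

IPv6 listeners are listed in `/proc/net/tcp6`, which this example does not parse.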