
Samba server critical vulnerability


6 replies to this topic

#1 hypnotoad

  • Member
  • 42 posts

0
Neutral

Posted 11 April 2012 - 15:56

http://www.heise.de/...rn-1518799.html

Maybe one of the devs can let us know briefly once the package is fixed in the PLi repository.

Thanks

Re: Samba server critical vulnerability #2 mrk72

  • Member
  • 39 posts

+10
Neutral

Posted 23 April 2012 - 23:20

In principle this shouldn't be a big danger, unless you have opened the Samba ports in your router.

I'll take a look at the package, though.

Re: Samba server critical vulnerability #3 MiLo

  • PLi® Core member
  • 14,048 posts

+298
Excellent

Posted 24 April 2012 - 11:14

The samba server on the box gives away free root access to everyone. You cannot have a leak in something that's basically a big gaping hole.
Real musicians never die - they just decompose

Re: Samba server critical vulnerability #4 nietgiftig

  • Senior Member
  • 787 posts

+39
Good

Posted 24 April 2012 - 15:11

The samba server on the box gives away free root access to everyone. You cannot have a leak in something that's basically a big gaping hole.


hehe, Nice

Lot of sleepless time for some people!

 Hardware: Master VU Uno 4K SE  1x Mut@nt HD51.4K & 2x ZgemmaH9T
Software : Pli (v7) (7.1rc) 2019 


Re: Samba server critical vulnerability #5 hypnotoad

  • Member
  • 42 posts

0
Neutral

Posted 25 April 2012 - 18:14

Is this a joke, MiLo? Even more dangerous that the smbd is installed by default.

For me it's no problem; the first thing I do after flashing is to remove the smb package.

OK, most people use the box behind a NAT, but I guess it would be a good idea to inform the users of this security issue.

Edited by hypnotoad, 25 April 2012 - 18:15.


Re: Samba server critical vulnerability #6 MiLo

  • PLi® Core member
  • 14,048 posts

+298
Excellent

Posted 25 April 2012 - 18:45

No joke. It has always been like that.

The default password is blank. It also runs telnet, HTTP and FTP servers that require no authentication whatsoever. Maybe I forgot some other service.

Bottom line: Don't put the box on the (inter)net without a router in between, and don't forward any port except 22 (ssh), which is the one and only secure thing the box has. Anything else (including HTTPS) should never be allowed outside your LAN, with or without passwords.

And no, we're not gonna change that.

Re: Samba server critical vulnerability #7 mrk72

  • Member
  • 39 posts

+10
Neutral

Posted 13 May 2012 - 22:06

Since samba 3.6.5 also includes the new SMB2 protocol in addition to the security update, I have built a package.
See here: #20

