http://www.heise.de/...rn-1518799.html
Maybe one of the devs can briefly let us know when the package in the pli repository is fixed.
Thanks
samba server critical vulnerability
Started by: hypnotoad, 11 Apr 2012 15:56
There are 6 replies in this topic
Re: samba server critical vulnerability #2
Re: samba server critical vulnerability #3
Re: samba server critical vulnerability #4
Posted on 24 April 2012 - 15:11
The samba server on the box gives away free root access to everyone. You cannot have a leak in something that's basically a big gaping hole.
hehe, Nice
Lot of sleepless time for some people!
Hardware: Master VU Uno 4K SE 1x Mut@nt HD51.4K & 2x ZgemmaH9T
Software : Pli (v7) (7.1rc) 2019
Re: samba server critical vulnerability #5
Posted on 25 April 2012 - 18:14
Is this a joke, milo? Even more dangerous that the smbd is installed by default.
For me it's no problem, first thing I do after flashing is to remove the smb package.
OK, most people use the box behind a NAT, but I guess it would be a good idea to inform the users of this security issue.
Edited by hypnotoad, 25 April 2012 - 18:15
Re: samba server critical vulnerability #6
Posted on 25 April 2012 - 18:45
No joke. It has always been like that.
The default password is blank. It also runs telnet, HTTP and FTP servers that require no authentication whatsoever. Maybe I forgot some other service.
Bottom line: Don't put the box on the (inter)net without a router in between, and don't forward any port except 22 (ssh), which is the one and only secure thing the box has. Anything else (including HTTPS) should never be allowed outside your LAN, with or without passwords.
And no, we're not gonna change that.
Real musicians never die - they just decompose
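A check for the services listed in the post above, as an added example that is not part of the original thread or the project's own code: it parses `/proc/net/tcp` (IPv4 only) and reports every listener reachable from the network other than ssh on port 22. The sample table is constructed, the Samba ports 139/445 are the standard ones rather than values from the thread, and a little-endian CPU is assumed.

```python
import socket
import struct

# Ports of the unauthenticated services named in the thread, plus Samba's
# standard ports (139/445). Port 22 (ssh) is the only one meant to be forwarded.
RISKY = {21: "ftp", 23: "telnet", 80: "http", 139: "samba", 445: "samba"}
FORWARD_OK = {22}
LISTEN = "0A"  # TCP_LISTEN state as printed in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real box).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203
   3: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1204
   4: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1205
   5: 0A01A8C0:0016 0201A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1206
"""

def listeners(proc_text):
    """Return (ip, port) for every IPv4 socket in LISTEN state."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a native-endian 32-bit word;
        # little-endian is assumed here (x86, mipsel, typical ARM).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.append((ip, int(hex_port, 16)))
    return found

def audit(proc_text):
    """List non-loopback listeners that must stay inside the LAN."""
    findings = []
    for ip, port in listeners(proc_text):
        if ip.startswith("127.") or port in FORWARD_OK:
            continue
        findings.append((port, RISKY.get(port, "unknown"), ip))
    return sorted(findings)

if __name__ == "__main__":
    for port, name, ip in audit(SAMPLE):
        print(f"{ip}:{port} ({name}) - keep LAN-only, do not forward")
```

On a box, pass the contents of `/proc/net/tcp` to `audit()` instead of `SAMPLE`; anything it lists should not appear in the router's port-forwarding rules.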