Samba server critical vulnerability


There are 6 replies in this topic

#1 hypnotoad

  • Member
  • 42 posts

0
Neutral

Posted on 11 April 2012 - 15:56

http://www.heise.de/...rn-1518799.html

Maybe one of the devs can briefly let us know when the package in the PLi repository is fixed.

Thanks

Re: Samba server critical vulnerability #2 mrk72

  • Member
  • 39 posts

+10
Neutral

Posted on 23 April 2012 - 23:20

In principle this shouldn't be a big danger, unless you have opened the Samba ports in your router.

I'll take a look at the package, though.

Re: Samba server critical vulnerability #3 MiLo

  • PLi® Core member
  • 14052 posts

+298
Excellent

Posted on 24 April 2012 - 11:14

The samba server on the box gives away free root access to everyone. You cannot have a leak in something that's basically a big gaping hole.
Real musicians never die - they just decompose

Re: Samba server critical vulnerability #4 nietgiftig

  • Senior Member
  • 787 posts

+39
Good

Posted on 24 April 2012 - 15:11

The samba server on the box gives away free root access to everyone. You cannot have a leak in something that's basically a big gaping hole.


hehe, Nice

Lot of sleepless time for some people!

 Hardware: Master VU Uno 4K SE  1x Mut@nt HD51.4K & 2x ZgemmaH9T
Software : Pli (v7) (7.1rc) 2019 


Re: Samba server critical vulnerability #5 hypnotoad

  • Member
  • 42 posts

0
Neutral

Posted on 25 April 2012 - 18:14

Is this a joke, MiLo? Even more dangerous that the smbd is installed by default.

For me it's no problem; the first thing I do after flashing is to remove the smb package.

OK, most people use the box behind a NAT, but I guess it would be a good idea to inform the users of this security issue.

Edited by hypnotoad, 25 April 2012 - 18:15


Re: Samba server critical vulnerability #6 MiLo

  • PLi® Core member
  • 14052 posts

+298
Excellent

Posted on 25 April 2012 - 18:45

No joke. It has always been like that.

The default password is blank. It also runs telnet, HTTP and FTP servers that require no authentication whatsoever. Maybe I forgot some other service.

Bottom line: Don't put the box on the (inter)net without a router in between, and don't forward any port except 22 (ssh), which is the one and only secure thing the box has. Anything else (including HTTPS) should never be allowed outside your LAN, with or without passwords.

And no, we're not gonna change that.
Real musicians never die - they just decompose
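
Added example, not part of the original thread or the PLi project: one way to check a Linux-based router against the rule in the post above (forward nothing to the box except port 22). It parses NAT rules in `iptables -t nat -S` format; the sample rules, the address 192.168.1.50 for the box and the function names are constructed for illustration, and the port-to-service table uses the standard port assignments.

```python
import re

# Well-known ports of the services named in the thread (standard assignments).
SERVICES = {21: "FTP", 22: "SSH", 23: "telnet", 80: "HTTP", 137: "NetBIOS",
            138: "NetBIOS", 139: "Samba", 443: "HTTPS", 445: "Samba"}
ALLOWED = {22}  # the thread's rule: forward nothing except ssh

RULE = re.compile(
    r"-p (?P<proto>tcp|udp)\b.*?--dport (?P<dport>\d+(?::\d+)?)"
    r".*?-j DNAT --to-destination (?P<ip>[\d.]+)(?::(?P<to>\d+(?:-\d+)?))?")

def _span(text, sep):
    """Parse '21' or '21:23' / '21-23' into an inclusive (low, high) pair."""
    lo, _, hi = text.partition(sep)
    return int(lo), int(hi or lo)

def audit_forwards(rules_text, box_ip):
    """Return (external, internal_port, service) for every forward to box_ip
    that reaches a port other than 22."""
    findings = []
    for line in rules_text.splitlines():
        m = RULE.search(line)
        if not m or m["ip"] != box_ip:
            continue
        ext_lo, ext_hi = _span(m["dport"], ":")
        # Without an explicit target port, DNAT keeps the original port(s).
        int_lo, int_hi = _span(m["to"], "-") if m["to"] else (ext_lo, ext_hi)
        for port in range(int_lo, int_hi + 1):
            if port not in ALLOWED:
                findings.append((f'{m["proto"]}/{m["dport"]}', port,
                                 SERVICES.get(port, "unknown")))
    return findings

# Constructed sample in `iptables -t nat -S` format; 192.168.1.50 is the box.
SAMPLE = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.50:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.50:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -i eth0 -p tcp -m tcp --dport 21:23 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.20:443
"""

if __name__ == "__main__":
    for ext, port, svc in audit_forwards(SAMPLE, "192.168.1.50"):
        print(f"exposed: {ext} -> {port} ({svc})")
```

The check looks at the internal destination port, not the external one, so a forward such as 8080 to 80 is still reported, and a range that merely includes 22 is reported for its other ports.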

Re: Samba server critical vulnerability #7 mrk72

  • Member
  • 39 posts

+10
Neutral

Posted on 13 May 2012 - 22:06

Since samba 3.6.5 also has the new SMB2 protocol in addition to the security update, I've built a package.
See here: #20

