Message-ID: <Pine.LNX.4.44.0306241524490.13484-100000@abel.mi.uib.no>
Date: Tue, 24 Jun 2003 15:44:29 +0200 (CEST)
From: Bjorn Tore Sund <bjornts@...uib.no>
To: bugtraq@...urityfocus.com
Subject: Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue

The Sharp Zaurus is a linux-based PDA running Embedix. In the May
version of the Sharp Zaurus newsletter, version 3.1 of the flash
ROM was announced with various new versions of software and added
OS functionality. The linux kernel went from 2.4.6 to 2.4.18.

The Zaurus docking station comes with a USB connection, perceived
as a network interface both by the Zaurus and the connected PC.
An added feature with the new ROM version is that as you plug the
Zaurus into the docking station a Samba server is automatically
started. This by default gives read/write access to all documents
stored on the device without authentication. I have not found this
feature documented anywhere.

This Samba server unfortunately listens on ALL active network
interfaces with no restrictions that I have been able to determine
on who gets to connect. I have successfully mounted both over
802.11b and regular LAN.

The version 3.1 ROM is supposedly an adaptation of the ROM for
the newer Sharp Zaurus SL-5600. Since I don't have an SL-5600
available I can't verify whether the same problem exists there.

An email to the Zaurus developers on zaurussupport@...rpsec.com,
sent June 3 2003, has not seen a response.

The workaround, unless you're comfortable with configuring (or
disabling) Samba servers under linux, is to make sure you never
have an active external network interface while the Zaurus is
sitting in its docking station.

Bjørn
--
Bjørn Tore Sund Phone: (+47) 555-84894 Stupidity is like a
System administrator Fax: (+47) 555-89672 fractal; universal and
Math. Department Mobile: (+47) 918 68075 infinitely repetitive.
University of Bergen VIP: 81724
teknisk@...uib.no Email: bjornts@...uib.no http://www.mi.uib.no/
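
An added example, not part of the original post: a small Python audit of an smb.conf for the exposure described above (smbd bound to every interface, no host restriction, guest-writable shares). Both sample configurations are constructed, not taken from the Zaurus ROM, and the interface name usb0 and the 192.168.129.0/24 subnet are assumed placeholders.

```python
import configparser

# Constructed sample: NOT the Zaurus ROM's real smb.conf (the post does not show it).
OPEN_CONF = """
[global]
workgroup = WORKGROUP
[Documents]
path = /home/user/Documents
guest ok = yes
read only = no
"""
# Constructed hardened variant; usb0 and the subnet are assumed placeholders.
HARDENED_CONF = """
[global]
workgroup = WORKGROUP
interfaces = lo usb0
bind interfaces only = yes
hosts allow = 127.0.0.1 192.168.129.0/24
[Documents]
path = /home/user/Documents
guest ok = no
read only = no
"""
TRUE = {"yes", "true", "1"}

def audit_smb_conf(text):
    """Return a list of findings matching the exposure described in the post."""
    # smb.conf lines are often indented; strip so configparser does not
    # treat them as continuations of the previous value.
    text = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    g = dict(cp["global"]) if cp.has_section("global") else {}
    findings = []
    # Without both settings smbd binds to every active interface.
    if "interfaces" not in g or g.get("bind interfaces only", "no").lower() not in TRUE:
        findings.append("smbd listens on all interfaces")
    if "hosts allow" not in g:
        findings.append("no hosts allow restriction")
    for name in cp.sections():
        if name == "global":
            continue
        s = cp[name]
        guest = s.get("guest ok", s.get("public", "no")).lower() in TRUE
        writable = s.get("read only", "yes").lower() not in TRUE or any(
            s.get(k, "no").lower() in TRUE for k in ("writable", "writeable", "write ok"))
        if guest and writable:
            findings.append(f"[{name}] guest read/write share")
    return findings
```

On a live system, `testparm -s` prints the effective configuration, which can be fed to the same check.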