oss-sec mailing list archives
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere
From: David Woodhouse <dwmw2 () infradead org>
Date: Wed, 16 Mar 2011 12:48:53 +0000
On Wed, 2011-03-16 at 07:58 -0400, Josh Bressers wrote:
> I probably should have been more clear here. I was under the impression the CVE id applied to instances where it would use UPnP and no auth, which is dangerous and should probably include a big warning with a button that says "I know what I'm doing (but probably not really)".

Right. So that CVE should apply to the case of it listening on a publicly available IP address with no auth, whether it uses UPnP or not. If it just listens on the socket and is usable from the outside world without a password, that's the *same* problem. The CVE really has nothing to do with UPnP; it's about the lack of authentication on a publicly-available service.

--
dwmw2