Bugtraq mailing list archives

Re: Multiple Security Vulnerabilities in Sharp Zaurus


From: Stephen Harris <bugtraq () spuddy org>
Date: Wed, 10 Jul 2002 16:07:58 -0400

On Wed, Jul 10, 2002 at 01:49:11PM -0400, SURUAZ wrote:

> The Sharp(R) Zaurus(tm) SL-5000D and SL-5500 handhelds use FTP for
> performing sync operations with a PC.  The FTP daemon on both Zaurus
> models is built into QPE, the default windowing system for the units, on
> port 4242.  The daemon binds to all network interfaces on the Zaurus,
> including any wireless network or PPP interfaces.

[ snip ]

> Zaurus users who use ethernet or PPP to attach to a network should
> either discontinue use of QPE or place themselves behind a firewall until
> a patch for QPE is released.

According to http://www.linuxjournal.com/article.php?sid=5902
  At least, the latest version of the ROM makes the FTP server open only on
  the USB network interface

Document is dated Jul 2, 2002.

My ROM is 2.12 (machine was bought on July 9!) and if I try to connect
to port 4242 over wireless network the connection is terminated immediately.
I haven't tried to connect via USB yet (not even unwrapped the USB adapter).

-- 

rgds
Stephen

