Re: Multiple Security Vulnerabilities in Sharp Zaurus

[Jordan K Wiens <jwiens () nersp nerdc ufl edu>]

On Wed, 10 Jul 2002, SURUAZ wrote:

> Synopsis:
>
> The Sharp(R) Zaurus(tm) SL-5000D and SL-5500 have multiple security
> vulnerabilities in design and implementation that affect system
> security.
...
> Fixes:
>
> Vulnerability 1:  Remote filesystem access
>
> Zaurus users who use ethernet or PPP to attach to a network should
> either discontinue use of QPE or place themselves behind a firewal until
> a patch for QPE is released.

As the other poster has noted, sharp fixed (ok, well, mitigated) this issue
by only allowing access to the port 4242 from the usb interface.  While on
the wireless, or any other network connection, the ftp port refuses
connections.

The zaurus user community has known about this issue for some time and a
number of workarounds have been suggested.  Simply "discontinuing the use
of QPE" is not so simple for the average user.  Zauruszone.com has many
discussions on the matter:
http://www.zauruszone.farplanet.net/invboard/index.php?act=ST&f=20&t=1534&hl=4242&s=722c852467694225be832048262a7253

The simplest solution I've seen involves changing the telnet port in
/etc/services to 4242, and uncommenting the telnet server in
/etc/inetd.conf.  This is one of the easier ways to prevent QPE from
binding to port 4242.  Of course a password should still be added to the
root account, otherwise adding a telnet server is just as foolhardy as the
port 4242 server.  Also, /etc/securetty will need to modified or removed
entirely for telnet to function as expected.

Also, http://zaurus.wynn.com/problems/ has a much more complete list of
issues (some security, some otherwise) with the zaurus.

--
Jordan Wiens
UF Network Incident Response Team
(352)392-2061