oss-sec mailing list archives
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere
From: David Woodhouse <dwmw2 () infradead org>
Date: Mon, 14 Mar 2011 21:07:49 +0000
On Mon, 2011-03-14 at 16:59 -0400, Josh Bressers wrote:
This looks like one id for vino improperly claiming that machine is only accessible via the local network. Another for it using uPnP to open up a router without proper warning.
I'd concur with the former, but not the latter. Issuing a CVE for that kind of thing just encourages the people who mistakenly view NAT as a form of security. uPnP is just one of the *many* reasons that viewpoint is wrong. If you wouldn't issue a CVE for vino listening with socket() and bind() system calls, then you shouldn't issue a CVE for it using uPnP to listen either. uPnP is just the normal way to work around broken networking. As far as I'm concerned there is only one issue here; the misreporting that only local access is possible when in fact it's not. -- David Woodhouse Open Source Technology Centre David.Woodhouse () intel com Intel Corporation
Current thread:
- CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Jan Lieskovsky (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Steven M. Christey (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 15)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)