oss-sec mailing list archives
Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere
From: David King <amigadave () amigadave com>
Date: Wed, 16 Mar 2011 12:02:28 +0100
On 2011-03-16 10:47, David Woodhouse <dwmw2 () infradead org> wrote:
On Tue, 2011-03-15 at 17:10 -0400, Josh Bressers wrote:Issue #2 Vino can open ports via uPnP without alerting the user. https://bugzilla.redhat.com/show_bug.cgi?id=678846 Use CVE-2011-1165
[snip]
There *is* an option to disable this feature, if the user really wants to. And of course it should be clearly indicated that the service is available to the public; but *that* is what CVE-2011-1164 is for.
It should be noted that the UPnP feature is disabled by default, so the user has the option to *enable* it. I concede that the string presented in the UI needs improvement. Of course, I agree that indication of the consequences would be appropriate, and also disallowing the 'none' authentication method if UPnP is enabled.
-- http://amigadave.com/
Current thread:
- CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Jan Lieskovsky (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Steven M. Christey (Mar 14)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 15)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David King (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere Josh Bressers (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)
- Re: CVE Request / Discussion -- vino -- reports the desktop being reachable only over the local network, when reachable from everywhere David Woodhouse (Mar 16)