On Thu, Mar 3, 2011 at 2:45 PM, Michal Čihař <[email protected]> wrote:
> Hi
>
> Dne Thu, 3 Mar 2011 12:56:35 +0100
> Bastien ROUCARIES <[email protected]> napsal(a):
>
>> Package: phpmyadmin
>> Version: 4:3.3.9.2-1
>> Severity: important
>> Tags: security
>> X-Debbugs-CC: [email protected]
>>
>>
>> phpmyadmin installed with avahi-daemon broadcast the phpmyadmin adress by 
>> installing a /etc/avahi/services


See recent thread on debian-devel avahi-daemon is pulled by default by gnome...

> Right. If you don't want avahi-daemon to broadcast about installed
> services, disable it or do not install it.
>
> Please can you tell me why this should be security issue?

Because you broadcast information about my system and weather phpadmin
is installed and where by default. It will help script kiddies...

Bastien
>
> --
>        Michal Čihař | http://cihar.com | http://blog.cihar.com
>



--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to