Hi

On Thu, 3 Mar 2011 16:10:25 +0100 Bastien ROUCARIES <[email protected]> wrote:

> On Thu, Mar 3, 2011 at 2:45 PM, Michal Čihař <[email protected]> wrote:
> > Hi
> >
> > On Thu, 3 Mar 2011 12:56:35 +0100
> > Bastien ROUCARIES <[email protected]> wrote:
> >
> >> Package: phpmyadmin
> >> Version: 4:3.3.9.2-1
> >> Severity: important
> >> Tags: security
> >> X-Debbugs-CC: [email protected]
> >>
> >>
> >> phpmyadmin installed with avahi-daemon broadcasts the phpmyadmin address by
> >> installing a /etc/avahi/services
> >
>
> See recent thread on debian-devel avahi-daemon is pulled by default by
> gnome...

That's a completely separate topic from this bug.

> > Right. If you don't want avahi-daemon to broadcast about installed
> > services, disable it or do not install it.
> >
> > Please can you tell me why this should be a security issue?
>
> Because you broadcast information about my system and whether phpadmin
> is installed and where by default. It will help script kiddies...

But it is available regardless of whether you broadcast it or not. So if you
have weak logins, it can be exploited no matter whether it is broadcast or not.

-- 
Michal Čihař | http://cihar.com | http://blog.cihar.com
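For administrators who want to see what their own host announces, the following is an added example (not part of this thread or of the phpmyadmin package) that lists the services published through static files in /etc/avahi/services. The sample file content is constructed for illustration, and the function names `advertised` and `audit` are hypothetical.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample of a static Avahi service file (not copied from any package).
SAMPLE = """<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">phpMyAdmin on %h</name>
  <service>
    <type>_http._tcp</type>
    <port>80</port>
    <txt-record>path=/phpmyadmin/</txt-record>
  </service>
</service-group>
"""

def advertised(xml_text):
    """Return one dict per <service> element announced by a service-group file."""
    root = ET.fromstring(xml_text)
    name = (root.findtext("name") or "").strip()
    found = []
    for svc in root.iter("service"):
        found.append({
            "name": name,
            "type": (svc.findtext("type") or "").strip(),
            "port": int(svc.findtext("port") or 0),
            "txt": [t.text.strip() for t in svc.findall("txt-record") if t.text],
        })
    return found

def audit(directory="/etc/avahi/services"):
    """List every service published by *.service files in the given directory."""
    results = []
    for path in sorted(Path(directory).glob("*.service")):
        try:
            entries = advertised(path.read_text())
        except (ET.ParseError, OSError, ValueError):
            continue  # unreadable or malformed file: nothing to report from it
        for entry in entries:
            results.append(dict(entry, file=path.name))
    return results

if __name__ == "__main__":
    # Falls back to the constructed sample when the host has no service files.
    for item in audit() or advertised(SAMPLE):
        print(item)
```

Removing or renaming a listed `.service` file stops that one announcement without touching avahi-daemon itself.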

