Subject: cdimage.debian.org: Debian Live DVD 8.0.0 ssh server enabled by default Package: cdimage.debian.org Severity: important
Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? I was testing my system's security when I discovered this. * What exactly did you do (or not do) that was effective (or ineffective)? I invoked this command: sudo service ssh stop * What was the outcome of this action? Success but not enough. The command stopped the ssh service successfully but inexperienced users are probably not aware of this. * What outcome did you expect instead? The ssh service should be disabled by default because an attacker could exploit this. The Live DVD comes with a default username and password making the threat very real. *** End of the template - remove these template lines *** -- System Information: Debian Release: 8.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-586 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) ---- Sent using Crazymailing.com