Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking

2007-09-14 Thread Robert Millan
severity 442180 wishlist
retitle 442180 make the network mode work securely
thanks

It should be noted that this bug applies only to the customized build used in http://goodbye-microsoft.com/, and not to the version of win32-loader in Debian (where network shouldn't be used at all). Nevertheless

Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking

2007-09-13 Thread Moritz Naumann
Package: win32-loader
Version: 0.6.0~pre3
Severity: critical
Tags: security
Justification: root security hole

The default boot option used by this package contains the following:

preseed/url=http://goodbye-microsoft.com/runtime/preseed.cfg

As seen

Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking

2007-09-13 Thread Otavio Salvador
Moritz Naumann writes:
> If an attacker is able to hijack or otherwise influence the DNS server used when Debian GNU/Linux is installed using win32-loader, she may be able to run any command that is available on the system to be installed as root by redirecting requests to a

Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking

2007-09-13 Thread Holger Levsen
sha*sum please

Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking

2007-09-13 Thread Bastian Blank
On Fri, Sep 14, 2007 at 01:05:24AM +0200, Holger Levsen wrote:
> sha*sum please

Proper signature. rsa-sha256 or so.

Bastian
--
I've already got a female to worry about. Her name is the Enterprise.
-- Kirk, The Corbomite Maneuver, stardate 1514.0

Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking

2007-09-13 Thread Joey Hess
Moritz Naumann wrote:
> The default boot option used by this package contains the following:
> preseed/url=http://goodbye-microsoft.com/runtime/preseed.cfg

There is a compile time option (NETWORK_BASE_URL) that can enable this, and maybe it's enabled on the goodbye-microsoft.com version (didn't