|
Sharp Zaurus SMB Unauthorized Access Vulnerability
|
|
Secunia Advisory:
|
SA9126
|
|
|
Release Date:
|
2003-06-26
|
|
Popularity:
|
5,154 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Manipulation of data
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From local network
|
|
Solution Status:
|
Unpatched
|
|
| OS: | Sharp Zaurus SL-5500
Sharp Zaurus SL-5600
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A vulnerability has been identified in Sharp Zaurus allowing malicious people to connect to the SMB / Samba service.
The problem is that Sharp Zaurus launches the Samba service, when Sharp Zaurus is placed in the docking station. The Samba service listens on all network devices by default and does not require authentication. This can be exploited to gain access to any file on the system.
The vulnerability has been reported to affect Sharp Zaurus SL-5500 and SL-5600 running flash ROM version 3.1.
Solution:
Configure Samba so that it only binds to the USB interface or de-active all other network interfaces when Zaurus is docked.
Provided and/or discovered by:
Bjorn Tore Sund
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
