Has anyone any comments about the recent e-mail sent to bugtraq@securityfocus.com by Joerg.Luebbert@t-online.de?
Here is just a summary of the e-mail:
"Introduction:
Dear BugTraq readers. I've taken a short glimpse on Astaro Security
Linux and found out some points of interest that are mostly design
flaws. Please note that I am theorising (based on a 1 1/2 hour research
only) about the impacts and have not proven their concepts on Astaro
Security Linux yet even though most can be proved easily.
Some of the vulnerabilities might be local and some might argue about
that Astaro Security Linux is a Firewall and no server... but as it uses
SSHD it could always be that the "loginuser" account might have been
compromised and shell access granted.
Vulnerabilities:
Summary:
5 Design flaws
2 Completely theorised design flaws
1 Possible design flaw
1 Licensing violation
1 Software bug"
I'd like to hear the official position of Astaro about this.
Thanks,
Raúl