Has anyone any comments about the recent e-mail sent to bugtraq@securityfocus.com by Joerg.Luebbert@t-online.de??
Here is just a summary of the e-mail:
"Introduction:
Dear BugTraq readers. I've taken a short glimpse on Astaro Security
Linux and found out some points of interest that are mostly design
flaws. Please note that I am theorising (based on a 1 1/2 hour research
only) about the impacts and have not proven their concepts on Astaro
Security Linux yet even though most can be proved easily.
Some of the vulnerabilities might be local and some might argue about
that Astaro Security Linux is a Firewall and no server... but as it uses
SSHD it could always be that the "loginuser" account might have been
compromised and shell access granted.
Vulnerabilities:
Summary:
5 Design flaws
2 Completely theorised design flaws
1 Possible design flaw
1 Licensing violation
1 Software bug"
I'll like to hear the official position of Astaro about this.
Thanks,
Raúl
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
