Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue

• Previous message: 3APA3A: "Re: Invalid SquirrelMail Exploit"
• Next in thread: dave_at_immunitysec.com: "Re: Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue"
• Reply: dave_at_immunitysec.com: "Re: Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 24 Jun 2003 15:44:29 +0200 (CEST)
To: bugtraq@securityfocus.com

The Sharp Zaurus is a linux-based PDA running Embedix. In the May
version of the Sharp Zaurus newsletter, version 3.1 of the flash
ROM was announced with various new versions of software and added
OS functionality. The linux kernel went from 2.4.6 to 2.4.18.

The Zaurus docking station comes with a USB connection, perceived
as a network interface both by the Zaurus and the connected PC.
An added feature with the new ROM version is that as you plug the
Zaurus into the docking station a Samba server is automatically
started. This by default gives read/write access to all documents
stored on the device without authentication. I have not found this
feature documented anywhere.

This Samba server unfortunately listens on ALL active network
interfaces with no restrictions that I have been able to determine
on who gets to connect. I have successfully mounted both over
802.11b and regular LAN.

The version 3.1 ROM is supposedly an adaptation of the ROM for
the newer Sharp Zaurus SL-5600. Since I don't have an SL-5600
available I can't verify whether the same problem exists there.

An email to the Zaurus developers on zaurussupport@sharpsec.com,
sent June 3 2003, has not seen a response.

The workaround, unless you're comfortable with configuring (or
disabling) Samba servers under linux, is to make sure you never
have an active external network interface while the Zaurus is
sitting in its docking station.

Bjørn

-- 
Bjørn Tore Sund         Phone:  (+47) 555-84894      Stupidity is like a
System administrator    Fax:    (+47) 555-89672      fractal; universal and
Math. Department        Mobile: (+47) 918 68075      infinitely repetitive.
University of Bergen    VIP:    81724
teknisk@mi.uib.no       Email:  bjornts@mi.uib.no    http://www.mi.uib.no/

• Previous message: 3APA3A: "Re: Invalid SquirrelMail Exploit"
• Next in thread: dave_at_immunitysec.com: "Re: Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue"
• Reply: dave_at_immunitysec.com: "Re: Sharp Zaurus SL-5500 upgrade ROM v3.1 - serious Samba issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]