eWeek Security Watch
Advertisement
Advertisement
February 11, 2008 1:33 PM

Asus Eee PC Ships with Remotely Exploitable Flaw



Asus Eee PC ships with remotely exploitable vulnerability Out of the box, the highly touted Asus Eee PC ships with a known code-execution vulnerability that allows a hacker to remotely gain root over a network.

According to a warning from RISE Security, the Linux-powered machine uses an old--and vulnerable--version of the Samba daemon for Windows file and print sharing.

Using the Metasploit point-and-click attack tool, RISE Security was able to launch an exploit that took complete control of the Asus Eee PC.

Metasploit's HD Moore just about sums up my reaction to this news:

"Considering how much criticism other PC vendors have received for out-of-the-box security, its a wonder that a similar outcry has not been heard for Linux-based products."

It's important to note that the actual vulnerability has already been patched in Samba 2.0.24.

Create, Communicate, Collaborate with IT Professionals at Ziff Davis Enterprise IT Link

Posted by Ryan Naraine on February 11, 2008 1:33 PM

| Comments (0) | del.icio.us | digg.com | Trackback | Post a Comment
TrackBack

TrackBack

http://securitywatch.eweek.com/cgi-bin/mte/mt-tb.cgi/12689

Post a Comment

 
 


RSS Syndication

Breaking News

Advertisement

Apple

Browsers

Cisco

Corporate espionage

Disaster Planning

eBay

Exploits and Attacks

Flaws

Google

Identity Theft

Intrusion Detection/Prevention

Mergers and Acquisitions

Microsoft Windows

Open Source

Oracle

Patches

Phishing and Fraud

Privacy

Product Reviews

Rootkits

Spam

Virus and Spyware

Vulnerability Research

Advertisement
Security Watch     Contact Us | Advertise | Site Map
Ziff Davis Enterprise

Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
RSS Feeds | White Papers | ROI Calculators | Tech Podcasts | Tech Video |

Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
eWEEK | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
Publish | eWeek Security | Strategic Partner | Web Buyer's Guide | Windows for Devices

Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | IT Marketplace | igrep

Use of this site is governed by our Terms of Use and Privacy Policy

Copyright ©1996-2007 Ziff Davis Enterprise, Inc. All Rights Reserved. Security Watch is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
Ziff Davis Enterprise