État Fermée
Pourcentage achevé
100%
Type Anomalie
Catégorie Services locaux
Assignée à Personne
Système d'exploitation Freebox Server V6 (Révolution)
Sévérité Critique
Priorité Très Basse
Basée sur la version 1.0.1
Due pour la version Non décidée
Échéance Non décidée
Votes
Privée

Concerne le projet: Freebox Server (Ultra V9/ Pop V8/ Delta V7 / Revolution V6 / Mini 4K)
Ouverte par giant jack - 26/01/2011

FS#4684 - Faille de sécurité dans Samba

Bonjour,

N’étant pas un vrai pro dans le domaine, je me permet juste de faire suivre ce lien qui pointe une faille qui semble critique (et vieille) dans samba.

http://phil-secu.over-blog.net/article-freebox-6-et-la-securite-65489551.html

Cordialement

Fermée par mbizon
17.02.2011 13:53
Raison de la fermeture : Résolu

Commentaires (8)
Tâches liées (0/0)

beaverois a commenté le 26.01.2011 23:21

nmap -p 1-65535 -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.0.254
Warning: You are not root – using TCP pingscan rather than ICMP

Starting Nmap 5.00 ( http://nmap.org ) at 2011-01-27 00:10 CET
NSE: Loaded 30 scripts for scanning.
Initiating Ping Scan at 00:10
Scanning 192.168.0.254 [6 ports]
Completed Ping Scan at 00:10, 1.20s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:10
Completed Parallel DNS resolution of 1 host. at 00:10, 0.03s elapsed
Initiating Connect Scan at 00:10
Scanning 192.168.0.254 [65535 ports]
Discovered open port 554/tcp on 192.168.0.254
Discovered open port 80/tcp on 192.168.0.254
Discovered open port 139/tcp on 192.168.0.254
Discovered open port 21/tcp on 192.168.0.254
Discovered open port 445/tcp on 192.168.0.254
Stats: 0:00:19 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 10.89% done; ETC: 00:13 (0:02:36 remaining)
Stats: 0:00:36 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan
Connect Scan Timing: About 23.87% done; ETC: 00:13 (0:01:52 remaining)
Discovered open port 8090/tcp on 192.168.0.254
Discovered open port 8095/tcp on 192.168.0.254
Connect Scan Timing: About 52.42% done; ETC: 00:12 (0:00:59 remaining)
Discovered open port 8091/tcp on 192.168.0.254
Discovered open port 9091/tcp on 192.168.0.254
Discovered open port 54242/tcp on 192.168.0.254
Completed Connect Scan at 00:12, 104.70s elapsed (65535 total ports)
Initiating Service scan at 00:12
Scanning 10 services on 192.168.0.254
Stats: 0:01:57 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 40.00% done; ETC: 00:12 (0:00:17 remaining)
Stats: 0:02:44 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 90.00% done; ETC: 00:13 (0:00:07 remaining)
Stats: 0:02:49 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 90.00% done; ETC: 00:13 (0:00:07 remaining)
Stats: 0:02:54 elapsed; 0 hosts completed (1 up), 1 undergoing Service Scan
Service scan Timing: About 90.00% done; ETC: 00:13 (0:00:08 remaining)
Completed Service scan at 00:13, 83.65s elapsed (10 services on 1 host)
NSE: Script scanning 192.168.0.254.
NSE: Starting runlevel 1 scan
Initiating NSE at 00:13
Completed NSE at 00:13, 5.05s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 00:13
Stats: 0:03:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE: Active NSE Script Threads: 1 (1 waiting)

NSE Timing: About 0.00% done
Completed NSE at 00:14, 40.01s elapsed
NSE: Script Scanning completed.
Host 192.168.0.254 is up (0.00035s latency).
Interesting ports on 192.168.0.254:
Not shown: 65521 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp Freebox ftpd
80/tcp open http?

137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
554/tcp open rtsp Freebox rtspd 1.2
5678/tcp closed unknown
6600/tcp closed unknown
8090/tcp open unknown
8091/tcp open unknown
8095/tcp open tcpwrapped
9091/tcp open unknown
54242/tcp open unknown
5 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :

NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)

SF-Port80-TCP:V=5.00%I=7%D=1/27%Time=4D40AA62%P=i686-pc-linux-gnu%r(GetReq
SF:uest,98,”HTTP/1\.1\x20302\x20Moved\x20Temporarily\r\nServer:\x20nginx\r
SF:\nDate:\x20Wed,\x2026\x20Jan\x202011\x2023:12:34\x20GMT\r\nContent-Type
SF::\x20text/html\r\nConnection:\x20close\r\nLocation:\x20/login\.php\r\n\
SF:r\n”)%r(HTTPOptions,137,”HTTP/1\.1\x20405\x20Not\x20Allowed\r\nServer:\
SF:x20nginx\r\nDate:\x20Wed,\x2026\x20Jan\x202011\x2023:12:34\x20GMT\r\nCo
SF:ntent-Type:\x20text/html\r\nContent-Length:\x20166\r\nConnection:\x20cl
SF:ose\r\n\r\n

\r\n<head><title>405\x20Not\x20Allowed</title></head>\
SF:r\n<body\x20bgcolor=\"white\">\r\n<center><h1>405\x20Not\x20Allowed</h1
SF:></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n”)%r(
SF:RTSPRequest,A6,”

\r\n<head><title>400\x20Bad\x20Request</title></h
SF:ead>\r\n<body\x20bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x20Reques
SF:t</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n
SF:”)%r(X11Probe,A6,”

\r\n<head><title>400\x20Bad\x20Request</title><
SF:/head>\r\n<body\x20bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x20Requ
SF:est</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r
SF:\n”)%r(FourOhFourRequest,131,”HTTP/1\.1\x20404\x20Not\x20Found\r\nServe
SF:r:\x20nginx\r\nDate:\x20Wed,\x2026\x20Jan\x202011\x2023:12:34\x20GMT\r\
SF:nContent-Type:\x20text/html\r\nContent-Length:\x20162\r\nConnection:\x2
SF:0close\r\n\r\n

\r\n<head><title>404\x20Not\x20Found</title></head>
SF:\r\n<body\x20bgcolor=\"white\">\r\n<center><h1>404\x20Not\x20Found</h1>
SF:</center>\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n”)%r(R
SF:PCCheck,A6,”

\r\n<head><title>400\x20Bad\x20Request</title></head>
SF:\r\n<body\x20bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h
SF:1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n”)%r
SF:(DNSVersionBindReq,A6,”

\r\n<head><title>400\x20Bad\x20Request</ti
SF:tle></head>\r\n<body\x20bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x2
SF:0Request</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</ht
SF:ml>\r\n")%r(DNSStatusRequest,A6,"<html>\r\n<head><title>400\x20Bad\x20R
SF:equest</title></head>\r\n<body\x20bgcolor=\"white\">\r\n<center><h1>400
SF:\x20Bad\x20Request</h1></center>\r\n<hr><center>nginx</center>\r\n</bod
SF:y>\r\n

\r\n”);

NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)

SF-Port8090-TCP:V=5.00%I=7%D=1/27%Time=4D40AA67%P=i686-pc-linux-gnu%r(GetR
SF:equest,170,”HTTP/1\.1\x20302\x20Moved\x20Temporarily\r\nServer:\x20ngin
SF:x\r\nDate:\x20Wed,\x2026\x20Jan\x202011\x2023:12:39\x20GMT\r\nContent-T
SF:ype:\x20text/html\r\nContent-Length:\x20154\r\nConnection:\x20close\r\n
SF:Location:\x20http://192\.168\.0\.254:8090/freebox_conn_problem\.html\r\
SF:n\r\n

\r\n<head><title>302\x20Found</title></head>\r\n<body\x20bgc
SF:olor=\"white\">\r\n<center><h1>302\x20Found</h1></center>\r\n<hr><cente
SF:r>nginx</center>\r\n</body>\r\n

\r\n”)%r(HTTPOptions,170,”HTTP/1\
SF:.1\x20302\x20Moved\x20Temporarily\r\nServer:\x20nginx\r\nDate:\x20Wed,\
SF:x2026\x20Jan\x202011\x2023:12:39\x20GMT\r\nContent-Type:\x20text/html\r
SF:\nContent-Length:\x20154\r\nConnection:\x20close\r\nLocation:\x20http:/
SF:/192\.168\.0\.254:8090/freebox_conn_problem\.html\r\n\r\n

\r\n<hea
SF:d><title>302\x20Found</title></head>\r\n<body\x20bgcolor=\"white\">\r\n
SF:<center><h1>302\x20Found</h1></center>\r\n<hr><center>nginx</center>\r\
SF:n</body>\r\n

\r\n”)%r(RTSPRequest,A6,”

\r\n<head><title>400\
SF:x20Bad\x20Request</title></head>\r\n<body\x20bgcolor=\"white\">\r\n<cen
SF:ter><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center>nginx</cente
SF:r>\r\n</body>\r\n

\r\n”)%r(RPCCheck,A6,”

\r\n<head><title>40
SF:0\x20Bad\x20Request</title></head>\r\n<body\x20bgcolor=\"white\">\r\n<c
SF:enter><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center>nginx</cen
SF:ter>\r\n</body>\r\n

\r\n”)%r(DNSVersionBindReq,A6,”

\r\n<hea
SF:d><title>400\x20Bad\x20Request</title></head>\r\n<body\x20bgcolor=\"whi
SF:te\">\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center
SF:>nginx</center>\r\n</body>\r\n

\r\n”)%r(DNSStatusRequest,A6,”<htm
SF:l>\r\n<head><title>400\x20Bad\x20Request</title></head>\r\n<body\x20bgc
SF:olor=\”white\”>\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<
SF:hr><center>nginx</center>\r\n</body>\r\n</html>\r\n”)%r(Help,A6,”

SF:\r\n<head><title>400\x20Bad\x20Request</title></head>\r\n<body\x20bgcol
SF:or=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr
SF:><center>nginx</center>\r\n</body>\r\n

\r\n”);

NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)

SF-Port8091-TCP:V=5.00%I=7%D=1/27%Time=4D40AA67%P=i686-pc-linux-gnu%r(GetR
SF:equest,173,”HTTP/1\.1\x20302\x20Moved\x20Temporarily\r\nServer:\x20ngin
SF:x\r\nDate:\x20Wed,\x2026\x20Jan\x202011\x2023:12:39\x20GMT\r\nContent-T
SF:ype:\x20text/html\r\nContent-Length:\x20154\r\nConnection:\x20close\r\n
SF:Location:\x20http://192\.168\.0\.254:8091/freebox_access_filtered\.html
SF:\r\n\r\n

\r\n<head><title>302\x20Found</title></head>\r\n<body\x20
SF:bgcolor=\"white\">\r\n<center><h1>302\x20Found</h1></center>\r\n<hr><ce
SF:nter>nginx</center>\r\n</body>\r\n

\r\n”)%r(HTTPOptions,173,”HTTP SF:/1\.1\x20302\x20Moved\x20Temporarily\r\nServer:\x20nginx\r\nDate:\x20We
SF:d,\x2026\x20Jan\x202011\x2023:12:39\x20GMT\r\nContent-Type:\x20text/htm
SF:l\r\nContent-Length:\x20154\r\nConnection:\x20close\r\nLocation:\x20htt
SF:p://192\.168\.0\.254:8091/freebox_access_filtered\.html\r\n\r\n

\r
SF:\n<head><title>302\x20Found</title></head>\r\n<body\x20bgcolor=\"white\
SF:">\r\n<center><h1>302\x20Found</h1></center>\r\n<hr><center>nginx</cent
SF:er>\r\n</body>\r\n

\r\n”)%r(RTSPRequest,A6,”

\r\n<head><titl
SF:e>400\x20Bad\x20Request</title></head>\r\n<body\x20bgcolor=\"white\">\r
SF:\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center>nginx<
SF:/center>\r\n</body>\r\n

\r\n”)%r(RPCCheck,A6,”

\r\n<head><ti
SF:tle>400\x20Bad\x20Request</title></head>\r\n<body\x20bgcolor=\"white\">
SF:\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center>ngin
SF:x</center>\r\n</body>\r\n

\r\n”)%r(DNSVersionBindReq,A6,”

\r
SF:\n<head><title>400\x20Bad\x20Request</title></head>\r\n<body\x20bgcolor
SF:=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><
SF:center>nginx</center>\r\n</body>\r\n

\r\n”)%r(DNSStatusRequest,A6
SF:,”

\r\n<head><title>400\x20Bad\x20Request</title></head>\r\n<body\
SF:x20bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h1></center
SF:>\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n”)%r(Help,A6,” SF:

\r\n<head><title>400\x20Bad\x20Request</title></head>\r\n<body\x2
SF:0bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h1></center>\
SF:r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n”);

NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)

SF-Port9091-TCP:V=5.00%I=7%D=1/27%Time=4D40AA67%P=i686-pc-linux-gnu%r(GetR
SF:equest,131,”HTTP/1\.1\x20403\x20Forbidden\r\nServer:\x20nginx\r\nDate:\
SF:x20Wed,\x2026\x20Jan\x202011\x2023:12:39\x20GMT\r\nContent-Type:\x20tex
SF:t/html\r\nContent-Length:\x20162\r\nConnection:\x20close\r\n\r\n

\
SF:r\n<head><title>403\x20Forbidden</title></head>\r\n<body\x20bgcolor=\"w
SF:hite\">\r\n<center><h1>403\x20Forbidden</h1></center>\r\n<hr><center>ng
SF:inx</center>\r\n</body>\r\n

\r\n”)%r(HTTPOptions,137,”HTTP/1\.1\x
SF:20405\x20Not\x20Allowed\r\nServer:\x20nginx\r\nDate:\x20Wed,\x2026\x20J
SF:an\x202011\x2023:12:39\x20GMT\r\nContent-Type:\x20text/html\r\nContent-
SF:Length:\x20166\r\nConnection:\x20close\r\n\r\n

\r\n<head><title>40
SF:5\x20Not\x20Allowed</title></head>\r\n<body\x20bgcolor=\"white\">\r\n<c
SF:enter><h1>405\x20Not\x20Allowed</h1></center>\r\n<hr><center>nginx</cen
SF:ter>\r\n</body>\r\n

\r\n”)%r(RTSPRequest,A6,”

\r\n<head><tit
SF:le>400\x20Bad\x20Request</title></head>\r\n<body\x20bgcolor=\"white\">\
SF:r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center>nginx
SF:</center>\r\n</body>\r\n

\r\n”)%r(RPCCheck,A6,”

\r\n<head><t
SF:itle>400\x20Bad\x20Request</title></head>\r\n<body\x20bgcolor=\"white\"
SF:>\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center>ngi
SF:nx</center>\r\n</body>\r\n

\r\n”)%r(DNSVersionBindReq,A6,”

\
SF:r\n<head><title>400\x20Bad\x20Request</title></head>\r\n<body\x20bgcolo
SF:r=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr>
SF:<center>nginx</center>\r\n</body>\r\n

\r\n”)%r(DNSStatusRequest,A
SF:6,”

\r\n<head><title>400\x20Bad\x20Request</title></head>\r\n<body
SF:\x20bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h1></cente
SF:r>\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n”)%r(Help,A6,
SF:”

\r\n<head><title>400\x20Bad\x20Request</title></head>\r\n<body\x
SF:20bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h1></center>
SF:\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n”)%r(SSLSession
SF:Req,A6,”

\r\n<head><title>400\x20Bad\x20Request</title></head>\r\n
SF:<body\x20bgcolor=\"white\">\r\n<center><h1>400\x20Bad\x20Request</h1></
SF:center>\r\n<hr><center>nginx</center>\r\n</body>\r\n

\r\n”);

NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)

SF-Port54242-TCP:V=5.00%I=7%D=1/27%Time=4D40AA62%P=i686-pc-linux-gnu%r(Get
SF:Request,122,”HTTP/1\.0\x20404\x20Not\x20Found\r\nContent-Type:\x20text/
SF:html\r\nContent-Length:\x200\r\nAccept-Ranges:\x20bytes\r\nConnection:\
SF:x20close\r\nDATE:\x20Wed,\x2026\x20Jan\x202011\x2023:12:34\x20GMT\r\nco
SF:ntentFeatures\.dlna\.org:\x20\r\nEXT:\r\nServer:\x20Linux/2\.6\.35\.9-f
SF:bxgw1r_bank1_1\.0\.1-01474-g004e6f1,\x20UPnP/1\.0,\x20Free\x20UPnP\x20E
SF:ntertainment\x20Service/0\.655\r\n\r\n”)%r(HTTPOptions,92,”HTTP/1\.0\x2
SF:0200\x20OK\r\nContent-Length:\x200\r\nServer:\x20Linux/2\.6\.35\.9-fbxg
SF:w1r_bank1_1\.0\.1-01474-g004e6f1,\x20UPnP/1\.0,\x20Free\x20UPnP\x20Ente
SF:rtainment\x20Service/0\.655\r\n\r\n”)%r(FourOhFourRequest,122,”HTTP/1\.
SF:0\x20404\x20Not\x20Found\r\nContent-Type:\x20text/html\r\nContent-Lengt
SF:h:\x200\r\nAccept-Ranges:\x20bytes\r\nConnection:\x20close\r\nDATE:\x20
SF:Wed,\x2026\x20Jan\x202011\x2023:13:11\x20GMT\r\ncontentFeatures\.dlna\.
SF:org:\x20\r\nEXT:\r\nServer:\x20Linux/2\.6\.35\.9-fbxgw1r_bank1_1\.0\.1-
SF:01474-g004e6f1,\x20UPnP/1\.0,\x20Free\x20UPnP\x20Entertainment\x20Servi
SF:ce/0\.655\r\n\r\n”);
Service Info: Device: media device

Host script results:

Read data files from: /usr/share/nmap
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 234.86 seconds

faille: http://www.samba.org/samba/security/CVE-2009-2813.html

Une faille vraiment _vieille_ ...
Une màj dans “l’urgence” est vraiment à prévoir.

beaverois a commenté le 27.01.2011 02:52

Additionally, Samba 3.0.37, 3.2.15, 3.3.8 and 3.4.2 have been issued
as security releases to correct the defect.

ràs ..

beaverois a commenté le 27.01.2011 07:47

Désolé je re re édite mes messages, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0926

Vulnerable software and versions
Nav control image Configuration 1
spacer Nav control image OR
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.9
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.8
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.7
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.6
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.5
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.4
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.3
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.2
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.10
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.1
spacer spacer Nav control image * cpe:/a:samba:samba:3.3.0
spacer spacer Nav control image * cpe:/a:samba:samba:3.4.5
spacer spacer Nav control image * cpe:/a:samba:samba:3.4.4
spacer spacer Nav control image * cpe:/a:samba:samba:3.4.3
spacer spacer Nav control image * cpe:/a:samba:samba:3.4.2
spacer spacer Nav control image * cpe:/a:samba:samba:3.4.1
spacer spacer Nav control image * cpe:/a:samba:samba:3.4.0
spacer spacer Nav control image * cpe:/a:samba:samba:3.5.0

La version de samba implémenter dans la freebox v6 server est bien vuln, désolé n’ayant pas le temps de tester l’exploit@locale, et ayant pas mal de travail, je fais de mon mieux.

NB: C’est quand même dommage qu’on ne peut éditer les messages qu’on a postés.

beaverois a commenté le 27.01.2011 16:54

Je re édite, la version implémenter par la freebox v6 server n’est PAS vuln. ca serait bien de supprimer mes anciens messages, merci.

kang1 a commenté le 01.02.2011 11:25

La version (1.01 en tout cas) est tout à fait vulnérable.

Voici ma freebox

smb: \test\> ls

.                                   D        0  Tue Jan 18 19:35:47 2011
..                                  D        0  Tue Jan 18 19:35:47 2011
bin                                 D        0  Tue Jan 18 19:35:43 2011
dev                                 D        0  Tue Jan 18 19:35:47 2011
etc                                 D        0  Tue Jan 18 19:35:43 2011
lib                                 D        0  Tue Jan 18 19:35:44 2011
media                               D        0  Thu Jan  1 00:00:15 2009
mnt                                 D        0  Thu Jan  1 00:00:01 2009
tmp                                 D        0  Thu Jan 27 19:58:11 2011
usr                                 D        0  Tue Jan 18 19:35:01 2011
var                                 D        0  Tue Jan 18 19:35:05 2011

smb: \test\etc\> get passwd
getting file \test\etc\passwd of size 171 as passwd (83.5 KiloBytes/sec) (average 83.5 KiloBytes/sec)
smb: \test\etc\> !
smb: \test\etc\> !cat passwd
root:find_this_openfreebox:0:0:root:/root:/bin/sh
freebox:ABCDEFGHIJK:4242:4242:freebox:/media/.freebox/:/bin/sh
nobody:ABCDEFGHIJK:4242:4242:nobody:/var/empty:/bin/false

find this open freebox?
Bon ben voila, c’est trouvé :)

corrector a commenté le 02.02.2011 23:35

Alors, des détails croustillants?

Chalk a commenté le 03.02.2011 12:55

La vulnérabilité a été corrigée dans le firmware 1.0.2. Que les freenautes en 1.0.1 récupèrent le maximum avant que leur freebox ne soit patchée ;)

kang1 a commenté le 04.02.2011 10:22

y a rien de special a recuperer en meme temps :) bref, ca peut être fermer maintenant

	Tâches associées à cette tâche (0)

Chargement...

Raccourcis clavier

Activer les raccourcis clavier

Alt + ⇧ Shift + l Se connecter/Se déconnecter
Alt + ⇧ Shift + a Ouvrir une tâche
Alt + ⇧ Shift + m Mes recherches
Alt + ⇧ Shift + t Rechercher par ID de tâche

Liste des tâches

o Ouvrir la tâche sélectionnée
j Déplacer le curseur vers le bas
k Déplacer le curseur vers le haut

Détails de la tâche

n Tâche suivante
p Tâche précédente
Alt + ⇧ Shift + e ↵ Enter Modifier cette tâche
Alt + ⇧ Shift + w Surveiller
Alt + ⇧ Shift + y Fermer cette tâche

Édition de la tâche

Alt + ⇧ Shift + s Enregistrer la tâche