[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking

Moritz Naumann <bugs.debian.org@moritz-naumann.com> writes:

> If an attcker is able to hijack or otherwise influence the DNS server
> used when Debian GNU/Linux is installed using win32-loader, she may be
> able to run any command that is available on the system to be installed
> as root by redirecting requests to a different web server which provides
> a given arbitrary command at the same URL.

One possible way for fixing it is to use md5sum of the preseeding file
and ask d-i to check it.

        O T A V I O    S A L V A D O R
 E-mail: otavio@debian.org      UIN: 5906116
 GNU/Linux User: 239058     GPG ID: 49A5F855
 Home Page: http://otavio.ossystems.com.br
"Microsoft sells you Windows ... Linux gives
 you the whole house."

Reply to: