[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#784043: Debian Live DVD 8.0.0 ssh server enabled by default



Subject: cdimage.debian.org: Debian Live DVD 8.0.0 ssh server enabled by default
Package: cdimage.debian.org
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
I was testing my system's security when I discovered this.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?
I invoked this command: sudo service ssh stop

   * What was the outcome of this action?
Success but not enough. The command stopped the ssh service successfully but inexperienced users are probably not aware of this.

   * What outcome did you expect instead?
The ssh service should be disabled by default because an attacker could exploit this.         
The Live DVD comes with a default username and password making the threat very real.


*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 8.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-586
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

 


----
Sent using Crazymailing.com
Reply to: