Re: avahi-daemon

To: debian-security@lists.debian.org
Subject: Re: avahi-daemon
From: Michael Stone <mstone@debian.org>
Date: Thu, 23 Feb 2006 06:12:57 -0500
Message-id: <[🔎] 20060223111256.GJ9733@mathom.us>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20060223110450.GA4991@javifsp.no-ip.org>
References: <[🔎] 43FC4A6C.9010801@gmx.net> <[🔎] 98a18b470602220411n4704cacg61cab8cae197e504@mail.gmail.com> <[🔎] 43FC60FC.7080001@gmx.net> <[🔎] 20060222143022.GE17249@bee.dooz.org> <[🔎] 43FC8BE6.5040902@gmx.net> <[🔎] 20060222165940.GP17596@linuxmafia.com> <[🔎] 20060223110450.GA4991@javifsp.no-ip.org>

On Thu, Feb 23, 2006 at 12:04:50PM +0100, Javier Fernández-Sanguino Peña wrote:

The former worm targeted a critical OS service, the later a database service.
Neither of which were actually useful if bound to loopback, BTW.

Actually, they were. A lot of the embedded DB servers were only used bylocal applications (e.g., IIRC, a virus scanner) and never made use ofthe network in normal applications. And *a lot* of standalone systems werevulnerable to the DCOM thing even though they weren't (intended to be)managed over the network. That's exactly the danger in makingassumptions about how things are going to be used.


--
Michael Stone

Reply to:

References:
- avahi-daemon
  - From: aliban <aliban@gmx.net>
- Re: avahi-daemon
  - From: "Daniel Givens" <daniel@rugmonster.org>
- Re: avahi-daemon
  - From: aliban <aliban@gmx.net>
- Re: avahi-daemon
  - From: Loïc Minier <lool+debian@via.ecp.fr>
- Re: avahi-daemon
  - From: aliban <aliban@gmx.net>
- Re: avahi-daemon
  - From: Rick Moen <rick@linuxmafia.com>
- Re: avahi-daemon
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

Prev by Date: Re: avahi-daemon
Next by Date: Re: avahi-daemon
Previous by thread: Re: avahi-daemon
Next by thread: Re: avahi-daemon
Index(es):
- Date
- Thread