Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration
- From: "Teh Kotak" <kotak.teh@xxxxxxxxx>
- Date: Fri, 26 Sep 2008 19:37:09 +0700
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=cnhAa2zrTNIq11lZa+rQariVSMEDEwq9Wt3l2+t96Xc=; b=g4mAwqJaNBnISlnZXUn74Nqm+NHb3JAHUOnm7B+u02oYomwAsQ5/TV8cz5sW1O8PES USsauyuI4D/rbxBty8xJJ5j8FAEJl4ILpWvutOyloevxh3hW/MXi8h4zhPPLUig12MPh 2wpabP5MbrMKmftRScUyNy6AfAJwCC2LR/bYQ=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=D4E3yt1IRFwvfQLaMwzEfWmOW1UYXqvG3ZiFesdOjIYL4jYBosBRmu8OzH5NVplqvt nJwzsYx4KxCj2HGa3WrhVimLzjIJ9l6vPB83//jZxAQf3YdWUdvNK6zZACM4BSa5wEO5 Qp59RdHQ9pinjU/NkWHSE+PSUEljz9PiY6N2Y=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
As of today 25 September 2008, I am using the latest 1.0.3.7 firmware
for my region (Singapore), US also use this version.
1/ Outdated Samba 3.0.2, vulnerable to numerous security holes.
2/ Default admin:admin user
3/ Default open guest user, noway to disable it
4/ It is impossible to disable SAMBA completely! This is a wireless
access point/router... I don't want this insecure storage feature.
Cc: Full Disclosure, Bugtraq