Security issue: Tomato "Root" credential remote code execution

Discussion in 'Tomato Firmware' started by Dutch87, Apr 17, 2012.

  1. Dutch87

    Dutch87 Addicted to LI Member

    Hello people,

    In the respective threads I have addressed this issue, without any response...
    So I'll try giving it its own thread.

    As I'm not capable enough to compile and provide builds myself, I hope I can rely on others to keep such a critical application as the Tomato firmware secure with the patches available.

    If nobody cares about security, just say so...

    Here's the issue the whole internet is talking about:
    Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user.
    Patches are already available, I hear.
    Please, for me this is not a discussion about whether it is an issue or not since you need to connect Samba to the internet and it is or is not in Tomato (heck, LAN clients can also be malicious!), but about keeping stuff up-to-date and as secure as possible.
  2. Dutch87

    Dutch87 Addicted to LI Member

    No replies? Wow...
  3. brueggma

    brueggma Networkin' Nut Member

    I'm personally not concerned about this issue. On my machine (Toastman build) Samba is bound only to the internal network that I control. If someone besides me is on my internal network, I have bigger problems than Samba.
  4. Dutch87

    Dutch87 Addicted to LI Member

    Yup, that's also a point. In my case the LAN is considered partially hostile.
    Bigger problems concerning Tomato?

    But so far no one is going to patch?
  5. Dark_Shadow

    Dark_Shadow LI Guru Member

    You could patch it.
  6. Dutch87

    Dutch87 Addicted to LI Member

    Please, tell me how?
  7. Toastman

    Toastman Super Moderator Staff Member Member

    Done already, next release...
  8. Dutch87

    Dutch87 Addicted to LI Member

    As usual, Toastman, you're the hero ;)