Apr 14

Security hole in Eee PC’s SAMBA daemon

Category: Linux,Xandros / ASUS Eee PC   — Published by tengo on April 14, 2008 at 3:25 pm

As the rise project recently found out, the pre-installed SAMBA daemon on the ASUS EeePC is an outdated version that has a security problem, allowing a knowledgeable user to gain root access on the system.

The original arcticle is over here. The little machine is running version 3.0.24 of smbd, which is vulnerable to the "Samba lsa_io_trans_names Heap Overflow" exploit. News resonated here and here.

I have written up a kind of work-in-progress checklist for securing the Asus Eee PC.