Problems with Updates

Mario Vukelic mario.vukelic at dantian.org
Wed Oct 29 00:12:39 UTC 2008


On Tue, 2008-10-28 at 20:48 -0300, Derek Broughton wrote:
> it's not a
> vulnerability that's directly exposed to the Internet, though I suppose it
> could be infiltrated from another machine on the same LAN.

I did say or quote that it listens on the LAN. But you know, a LAN
somewhere at an airport or client site or whatever is still not safe. 

> That's not relevant to the cited "meme".  It doesn't run a DHCP server - it
> runs clients that talk to the network. 

With DHCP, even the client opens a port.
https://lists.ubuntu.com/archives/ubuntu-devel/2006-July/019171.html

>  Of course, there's no reason that a
> badly designed client couldn't be compromised by a malevolent DHCP server
> taking advantage of buffer overrun :-)  So I think what you really mean is
> not that it's not true that "Ubuntu ... does not run daemons that listen to
> the outside" but that vulnerabilities _can_ exist in _any_ program that
> talks to the Internet - whether it's a server or a client.

That, too. I mentioned Firefox and stuff :)





More information about the ubuntu-users mailing list