Problems with Updates
Mario Vukelic
mario.vukelic at dantian.org
Wed Oct 29 00:12:39 UTC 2008
On Tue, 2008-10-28 at 20:48 -0300, Derek Broughton wrote:
> it's not a
> vulnerability that's directly exposed to the Internet, though I suppose it
> could be infiltrated from another machine on the same LAN.
I did say or quote that it listens on the LAN. But you know, a LAN
somewhere at an airport or client site or whatever is still not safe.
> That's not relevant to the cited "meme". It doesn't run a DHCP server - it
> runs clients that talk to the network.
With DHCP, even the client opens a port.
https://lists.ubuntu.com/archives/ubuntu-devel/2006-July/019171.html
> Of course, there's no reason that a
> badly designed client couldn't be compromised by a malevolent DHCP server
> taking advantage of buffer overrun :-) So I think what you really mean is
> not that it's not true that "Ubuntu ... does not run daemons that listen to
> the outside" but that vulnerabilities _can_ exist in _any_ program that
> talks to the Internet - whether it's a server or a client.
That, too. I mentioned Firefox and stuff :)
More information about the ubuntu-users
mailing list