Results 1 to 5 of 5

Thread: SplashTop Linux Security Hole Discovered

  1. #1
    Join Date
    Jan 2007
    Posts
    14,590

    Default SplashTop Linux Security Hole Discovered

    Phoronix: SplashTop Linux Security Hole Discovered

    Less than two weeks ago we shared that SplashTop Linux was hacked to run off a USB stick, run custom applications, and more importantly having it run on non-certified motherboards (meaning those not sold by ASUS with SplashTop's instant-on Linux environment embedded). These hacks were done by members of our Phoronix Forums, but now a security hole has been discovered...

    http://www.phoronix.com/vr.php?view=NjY0Ng

  2. #2
    Join Date
    Jan 2007
    Location
    Germany
    Posts
    2,123

    Default

    DeviceVM, the company behind SplashTop, is currently looking into this problem.
    The problem is that Kano hasn't been offered a job yet.

  3. #3
    Join Date
    Sep 2007
    Location
    Connecticut,USA
    Posts
    956

    Default

    Maybe DeviceVM should offer him one...he found this security flaw in their software, so he deserves a job.

    But OT, things like this need to be fixed fast and an update made available.

  4. #4
    Join Date
    Aug 2008
    Posts
    99

    Default 127.0.0.1

    That screen shot showed the localhost IP address. Is this port also open to the outside world?

  5. #5
    Join Date
    Aug 2007
    Posts
    6,613

    Default

    When you would click on the thread I created then you would know more. In it I tested 2 versions 1.2.3.1 (I guess any older will have it too) does not block this port from outside. 1.2.8.0 fixed that issue (no idea which versions between those 2 are affected). Well that fix is basically only partly because on a Windows system there are always files at standard postition like the Windows registry. I could have added links for that too, but I am sure you get the idea yourself, that you only have to exploit a firefox error with cross-site scripting (XSS) that downloads the user registry, parses it (for example with ctntpw), gets all MRU files from registry, all plaintext serials, login data and lots of other info. Then you can fetch all recently used files on C: partition or on the partition you installed it as you can create full url. This works of course locally too, very informative for business pcs which have been set to boot first from hd but allow splashtop, preferred the "lite" variant from hd.

    Edit: Maybe I forgot to mention that the discovered link to the winhdd is not use by any splashtop app, so only the external link would have been enough. When you know that, then this fault is even more serious. That winhdd link is from va-photo.sqx.
    Last edited by Kano; 08-09-2008 at 06:19 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •