First Last Prev Next    This bug is not in your last search results.
Bug 13137 - "cannaserver" daemon running by default
"cannaserver" daemon running by default
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: basesystem (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-06-27 18:59 EDT by Chris Evans
Modified: 2014-03-16 22:14 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-08 18:55:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Chris Evans 2000-06-27 18:59:15 EDT 
Did a full install of BETA2, and rebooted.
A process called "cannaserver" was running as root, and listening on a TCP
socket :-(
This is obviously very dangerous.
I fully expect to find specific security issues with "cannaserver". I'll
update the bug tomorrow if I get time to take a look.
Comment 1 Chris Evans 2000-07-08 18:55:46 EDT 
Hmm - well, I haven't yet had the time to look at "cannaserver"
However, surprise surprise, Canna just got a few mentions on bugtraq for a
remotely exploitable problem (Debian have issued a security update).
Looks like "cannaserver" is as big a potential security disaster as "jserver"
Comment 2 Bill Nottingham 2000-07-15 14:24:22 EDT 
It is no longer running as default, and is set up only to listen locally
by default as of 3.5b2-19.
Comment 3 Chris Evans 2000-07-17 19:35:08 EDT 
Nice one. Note that #13133 is similar but more serious.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.