Your message dated Wed, 03 Jan 2007 18:49:10 +0100
with message-id <[EMAIL PROTECTED]>
and subject line close 405336
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: vdr
Version: 1.4.4-1
Severity: grave
Tags: security
Justification: user security hole
Hello,
after I installed vdr and started it as a daemon via the init.d script,
chkrootkit reports a possible scalper worm infection.
The chkrootkit script checks for a listener on port 2001, which is used by vdr:
tcp 0 0 0.0.0.0:2001 0.0.0.0:* LISTEN
But svdrphosts.conf says:
#
# svdrphosts This file describes a number of host addresses that
# are allowed to connect to the SVDRP port of the Video
# Disk Recorder (VDR) running on this system.
# Syntax:
#
# IP-Address[/Netmask]
#
127.0.0.1 # always accept localhost
#192.168.100.0/24 # any host on the local net
#204.152.189.113 # a specific host
#0.0.0.0/0 # any host on any net (USE THIS WITH CARE!)
#192.168.1.0/24
Maybe the client address is checked, after vdr has accepted the connection.
(I haven't looked into this.)
Greetings
Juergen
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages vdr depends on:
ii adduser 3.100 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
ii libc6 2.3.6.ds1-8 GNU C Library: Shared libraries
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libgcc1 1:4.1.1-19 GCC support library
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libstdc++6 4.1.1-19 The GNU Standard C++ Library v3
ii makedev 2.3.1-83 creates device files in /dev
ii psmisc 22.3-1 Utilities that use the proc filesy
Versions of packages vdr recommends:
ii lirc 0.8.0-9 Linux Infra-red Remote Control sup
-- debconf information:
* vdr/select_dvb_card: Satellite
* vdr/showinfo:
* vdr/create_video_dir: true
--- End Message ---
--- Begin Message ---
Hello,
after a look into the source has shown that the addresses are checked,
please close this bug report.
Greetings
Juergen
--- End Message ---
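The thread turns on a listener bound to 0.0.0.0:2001 that still filters peers against svdrphosts.conf once a connection is accepted. The sketch below is an added example, not VDR's own code and not part of either message: it parses the quoted syntax and answers whether a given peer would pass, and which entries reach beyond loopback. The function names and the sample file are constructed for illustration, and the netmask is assumed to be a prefix length, as in the quoted examples.

```python
import ipaddress

# Constructed sample in the svdrphosts.conf syntax quoted in the report.
SAMPLE_CONF = """\
#
# IP-Address[/Netmask]
#
127.0.0.1            # always accept localhost
#192.168.100.0/24    # any host on the local net
#0.0.0.0/0           # any host on any net (USE THIS WITH CARE!)
"""

def parse_allowed_hosts(text):
    """Return (networks, errors); errors are (line number, entry) pairs."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            # A bare address becomes a /32 host entry.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            errors.append((lineno, entry))     # unparsable entries never match
    return networks, errors

def peer_allowed(peer_ip, networks):
    """Post-accept check: is the connecting address inside any allowed entry?"""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False                           # fail closed on a bad address
    return any(addr.version == n.version and addr in n for n in networks)

def exposed_entries(networks):
    """Entries that admit peers other than loopback (worth reviewing)."""
    return [str(n) for n in networks if not n.is_loopback]

if __name__ == "__main__":
    nets, errs = parse_allowed_hosts(SAMPLE_CONF)
    for peer in ("127.0.0.1", "192.168.1.5"):
        print(peer, "allowed" if peer_allowed(peer, nets) else "rejected")
    print("non-loopback entries:", exposed_entries(nets), "errors:", errs)
```

With the default file only 127.0.0.1 passes, so a LISTEN line on 0.0.0.0:2001 by itself says nothing about which hosts can actually use the port.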