common: [security fix] Make sure sockets only listen locally
1 parent decffad, commit df1f5c4
Showing 1 changed file with 2 additions and 2 deletions.
Has a CVE already been assigned for this issue?
Thanks
CVE-2016-5104 was assigned for this issue:
http://www.openwall.com/lists/oss-security/2016/05/26/6
Thanks
@setharnold as you can see from the commit, Joshua Hill aka posixninja is to be credited for the reporting of this vulnerability in both libraries. He reported this to me personally.
Just for reference, please mind that this functionality is indeed wanted for a use-case of connecting externally and was not added "by accident". However, it makes sense to default to local only for now. We'll add a switch or config option for the "external" case to cover that.
@FunkyM Good, I just wanted to ask about this, since I use a remote connection to an iPhone from a different computer. Although using port forwarding through SSH is also a solution for my needs, it's just easier this way.
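The local-only default named in the commit title and discussed in the comments above, shown as an added example in C (not the commit's diff and not the project's code). `listen_socket` and `bound_to_loopback` are hypothetical helper names, and IPv4 is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: create a TCP listening socket on `port`
 * (0 lets the kernel pick one). local_only != 0 binds to 127.0.0.1;
 * local_only == 0 binds to the wildcard address (INADDR_ANY), which
 * makes the service reachable from every network interface. */
int listen_socket(uint16_t port, int local_only)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    int yes = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes));

    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(local_only ? INADDR_LOOPBACK : INADDR_ANY);

    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 1) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical audit check: returns 1 if fd is bound to an address in
 * 127.0.0.0/8, 0 if it is bound to anything else (the wildcard
 * included), and -1 on error or for a non-IPv4 socket. */
int bound_to_loopback(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);

    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0 || sa.sin_family != AF_INET)
        return -1;
    return (ntohl(sa.sin_addr.s_addr) >> 24) == 127;
}
```

A switch or config option for the external case, as mentioned in the comments, would map onto the `local_only` argument here, with the local-only value as the default.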