Eurocardsharing

Go Back   Eurocardsharing > Sharing receivers > DreamBox > Dreambox Image

Dreambox Image Discussion, IMPORTANT Security Update ( Dreambox Enigma 1 ) at DreamBox forum; IMPORTANT Security Update ( Dreambox Enigma 1 ) IMPORTANT Security Update ( Dreambox Enigma 1 ) OVERVIEW A security issue ...

Reply
 
LinkBack Thread Tools Display Modes
IMPORTANT Security Update ( Dreambox Enigma 1 )
Old
  (#1)
mangusta
Junior Member
 
mangusta's Avatar
 
Offline
Posts: 26

Level: 3 [♥ Bé-Yêu ♥♥ Bé-Yêu ♥]
Life: 0 / 70
Magic: 8 / 1989
Experience: 83%

Thanks: 6
Thanked 36 Times in 17 Posts
Join Date: May 2008
IMPORTANT Security Update ( Dreambox Enigma 1 ) - 05-November-2008, 13:17

IMPORTANT Security Update ( Dreambox Enigma 1 )
IMPORTANT Security Update ( Dreambox Enigma 1 )



OVERVIEW
A security issue has been identified that could allow an unauthorized remote attacker to compromise your Dreambox Enigma 1 based system and gain control over it.This issue could allow an attacker to download any file from your Dreambox, through the HTTP port 80, when open to remote access. This issue can take place on any Enigma 1 Dreambox with any Enigma 1 image that does not offer any solution.
You can help protect your Dreambox by installing this update from Nabilosat Team. After you install this item, you must restart Enigma.

Nabilosat Darkstar II Enigma 1 images are the first images to be protected against this threat.


SYSTEM REQUIREMENTS
Dreambox Enigma 1 Nabilosat Darkstar II only

INSTRUCTIONS
1) Download the required patch for your Dreambox model
2) Unzip compressed folder, and extract the file to your PC.
3) With your FTP software, go to /usr/bin for 7020-600 or /bin for 7000
4) delete the file enigma
5) copy the new extracted file to the same location in your DM
6) assign executable permissions 755 to the file
7) restart enigma


This patch is only for Dreambox running Nabilosat Enigma 1 Darkstar II images, and it is not compatible with other images.

fix on nabilo...
   
Reply With Quote
The Following User Says Thank You to mangusta For This Useful Post:
SUPERMARCOPOL (15-November-2008)
Old
  (#2)
jakas
ECS Master
 
jakas's Avatar
 
Offline
Posts: 1,227

Level: 30 [♥ Bé-Yêu ♥♥ Bé-Yêu ♥♥ Bé-Yêu ♥♥ Bé-Yêu ♥♥ Bé-Yêu ♥]
Life: 0 / 736
Magic: 409 / 21855
Experience: 47%

Thanks: 320
Thanked 283 Times in 210 Posts
Join Date: Oct 2007
05-November-2008, 13:21

if port 80 is not open for remote access then ???
   
Reply With Quote
Sponsored Links
Old
  (#3)
mangusta
Junior Member
 
mangusta's Avatar
 
Offline
Posts: 26

Level: 3 [♥ Bé-Yêu ♥♥ Bé-Yêu ♥]
Life: 0 / 70
Magic: 8 / 1989
Experience: 83%

Thanks: 6
Thanked 36 Times in 17 Posts
Join Date: May 2008
05-November-2008, 13:50

This is not the solution. And' a way to revolve the problem. To close the doors or to protect with the router prevents from being hackati but of made a software buggato it is used however and from the compromised safety. Handed dams or less it is better however to have in the proper dream an image that has not punctured.
   
Reply With Quote
Old
  (#4)
morte
Guest
 
morte's Avatar
 
Offline
Posts: 10,804

Level: 66 [♥ Bé-Yêu ♥♥ Bé-Yêu ♥♥ Bé-Yêu ♥♥ Bé-Yêu ♥♥ Bé-Yêu ♥]
Life: 492 / 1640
Magic: 3601 / 50731
Experience: 62%

Thanks: 4,388
Thanked 6,243 Times in 2,101 Posts
Join Date: May 2007
05-November-2008, 14:26

This whole thing sounds strange
-port 80 open is in the first place asking for problems
-only nabilosat has a "fix" or IS it that nabilosat has a security flaw

My biggest question is what is the security flaw


Hardware: DM500S, MaximumTorodial T90
Sat positions: 4.8,13.0,19.2,28.2
Software: Pli Jade 3 with X-line Skin
CAM: Cccam 2.1.3
NOT LOOKING FOR SHARES
ECS irc Chatroom
Cccam Collection topic
http://virusscan.jotti.org/en



Use the ====>>>><<<<==== when you are happy with a post instead of replying to a post (rule #11 and gets you even banned)

Last edited by morte; 05-November-2008 at 18:12..
   
Reply With Quote
Old
  (#5)
stylo
Junior Member
 
stylo's Avatar
 
Offline
Posts: 1

Level: 1 [♥ Bé-Yêu ♥]
Life: 0 / 0
Magic: 0 / 0
Experience: 0%

Thanks: 1
Thanked 0 Times in 0 Posts
Join Date: Oct 2008
05-November-2008, 20:32

From where I can download this patch?
   
Reply With Quote
Old
  (#6)
tvworld
Junior Member
 
tvworld's Avatar
 
Offline
Posts: 2

Level: 1 [♥ Bé-Yêu ♥]
Life: 0 / 0
Magic: 0 / 19
Experience: 2%

Thanks: 0
Thanked 0 Times in 0 Posts
Join Date: Jan 2008
05-November-2008, 20:59

I'm also interested
   
Reply With Quote
Old
  (#7)
salih
Permanent Banned
 
salih's Avatar
 
Offline
Posts: 237

Level: 14 [♥ Bé-Yêu ♥♥ Bé-Yêu ♥♥ Bé-Yêu ♥♥ Bé-Yêu ♥]
Life: 0 / 334
Magic: 79 / 9551
Experience: 39%

Thanks: 33
Thanked 60 Times in 46 Posts
Join Date: Mar 2008
05-November-2008, 22:07

Quote:
Originally Posted by Morte View Post
This whole thing sounds strange
-port 80 open is in the first place asking for problems
-only nabilosat has a "fix" or IS it that nabilosat has a security flaw

My biggest question is what is the security flaw
this is a bug on enigma1 image .. the DMM and other devlopers team know about this .. but at moment only nabilosat team made finaly the fix for this enigma bug

the bug is very know but all devlopers keep it private to dont make 2 much troubles on dreambox sat scen .. ..
better to all all other ppl know about this bug . to keep it private as before and ppl use the fix or close theme 80 port
   
Reply With Quote
Old
  (#8)
vocoskun
Junior Member
 
vocoskun's Avatar
 
Offline
Posts: 1

Level: 1 [♥ Bé-Yêu ♥]
Life: 0 / 0
Magic: 0 / 0
Experience: 0%

Thanks: 2
Thanked 0 Times in 0 Posts
Join Date: Nov 2008
Age: 43
07-November-2008, 13:07

Thanks for this information good work, frends
   
Reply With Quote
Reply

Bookmarks

Tags
dreambox, enigma, important, security, update


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Forum Jump



ECS on RSS ECS on Twitter ECS on Facebook ECS on Youtube
Follow us on:

Powered by vBulletin
Copyright 2002 - 2010, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
Dreambox