Eee PC open to root hacks

Research organisation RISE Security has on Friday warned of a vulnerability in the Eee PC, the popular compact notebook from Asus. The machine's adapted Xandros Linux uses an old version of the Samba daemon for Windows file and print sharing. This version has several critical errors, one of which permits access to the root account. Many exploits for it are now circulating.

The RISE experts were able to gain access to the root over the network using the Metasploit penetration testing framework. This hole was closed almost a year ago, leaving little reason to use the flawed version in the Eee PC, which was only launched last autumn. No firmware update for the Eee PC is yet available.

See also:

• ASUS Eee PC rooted out of the box, vulnerability report by RISE Security
• CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution, summary at mitre.org

(mba)