Security Watch

Keeping Track of patches and hacks in the IT security world.

Asus Eee PC Ships with Remotely Exploitable Flaw

Asus Eee PC ships with remotely exploitable vulnerability

Out of the box, the highly touted Asus Eee PC ships with a known code-execution vulnerability that allows a hacker to remotely gain root over a network.

According to a warning from RISE Security, the Linux-powered machine uses an old--and vulnerable--version of the Samba daemon for Windows file and print sharing.

Using the Metasploit point-and-click attack tool, RISE Security was able to launch an exploit that took complete control of the Asus Eee PC.

Metasploit's HD Moore just about sums up my reaction to this news:

""Considering how much criticism other PC vendors have received for out-of-the-box security, its a wonder that a similar outcry has not been heard for Linux-based products.""

It's important to note that the actual vulnerability has already been patched in Samba 2.0.24.