I just updated to the latest ROM last night. I put in my Linksys 802.11b wireless card and did a port scan. I can see ports 111, 4242, 4243, & 4992, but I can't seem to connect to any of them. I'm behind a firewall at work and at home, so I'm not extremely worried, but I would like it to be as secure as possible. Walt -----Original Message----- From: Stephen Harris [mailto:bugtraq@spuddy.org] Sent: Wednesday, July 10, 2002 4:08 PM To: BugTraq mailing list Subject: Re: Multiple Security Vulnerabilities in Sharp Zaurus On Wed, Jul 10, 2002 at 01:49:11PM -0400, SURUAZ wrote: > > The Sharp(R) Zaurus(tm) SL-5000D and SL-5500 handhelds use FTP for > performing sync operations with a PC. The FTP daemon on both Zaurus > models is built into QPE, the default windowing system for the units, on > port 4242. The daemon binds to all network interfaces on the Zaurus, > including any wireless network or PPP interfaces. [ snip ] > Zaurus users who use ethernet or PPP to attach to a network should > either discontinue use of QPE or place themselves behind a firewal until > a patch for QPE is released. According to http://www.linuxjournal.com/article.php?sid=5902 At least, the latest version of the ROM makes the FTP server open only on the USB network interface Document is dated Jul 2, 2002. My ROM is 2.12 (machine was bought on July 9!) and if I try to connect to port 4242 over wireless network the connection is terminated immediately. I haven't tried to connect via USB yet (not even unwrapped the USB adapter). -- rgds Stephen
