Open ThomasKaiser opened 8 years ago
ThomasKaiser
commented
8 years ago Congratulations. By ignoring this that long you might also get some individual media attention soon: http://www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_kernel_has_a_nasty_root_backdoor
sunbeyond40
commented
8 years ago Hi ThomasKaiser, thanks for your notice. that is a serious problem.we have change the code to avoid it .
ThomasKaiser
commented
8 years ago How many of your Cubietruck Plus customers are still affected by this exploit? Did you inform them, provide a new kernel package and new OS images?
sunbeyond40
commented
8 years ago Of course, a new image is neccecssary to replace the old image, we are doing it in these days.
SeeMirra
commented
8 years ago Any updates on the new image?
ThomasKaiser
commented
7 years ago Any updates on the new image?
Just checked on https://mega.nz/#F!0gREnYCQ!dBuYl9YgMP8r2Diw_BuStg!MlI0VZhA
CB5 images are dated back to 2016-04-11 which was 3 weeks before I reported the rootmydevice vulnerability to Cubietech:
macbookpro-tk:~ tk$ 7z l /Users/tk/Downloads/linaro-server-cubietruck-plus-card-hdmi-v1.0.img.7z
7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=utf8,Utf16=on,HugeFiles=on,64 bits,4 CPUs x64)
Scanning the drive for archives:
1 file, 180786642 bytes (173 MiB)
Listing archive: /Users/tk/Downloads/linaro-server-cubietruck-plus-card-hdmi-v1.0.img.7z
--
Path = /Users/tk/Downloads/linaro-server-cubietruck-plus-card-hdmi-v1.0.img.7z
Type = 7z
Physical Size = 180786642
Headers Size = 199
Method = LZMA:24
Solid = -
Blocks = 1
Date Time Attr Size Compressed Name
------------------- ----- ------------ ------------ ------------------------
2016-04-11 09:59:49 ....A 889192448 180786443 linaro-server-cubietruck-plus-card-hdmi-v1.0.img
------------------- ----- ------------ ------------ ------------------------
2016-04-11 09:59:49 889192448 180786443 1 filesIssue archived: https://archive.is/AXdsN
SeeMirra
commented
7 years ago
Are you affected too?