
View Full Version : @ ALL VERY IMPORTANT PLS READ



^^MaXiMo II^^
4th November, 2008, 11:12 AM
IMPORTANT Security Update ( Dreambox Enigma 1 )



OVERVIEW
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your Dreambox Enigma 1 based system and gain control over it. This issue could allow an attacker to download any file from your Dreambox, through the HTTP port 80, when open to an external network. You can help protect your Dreambox by installing this update from Nabilosat Team. After you install this item, you must restart Enigma.

Devilfish
4th November, 2008, 02:58 PM
Not many people have port 80 open unless you want to have access to the web interface from outside your home network.

But there's no file to update?

^^MaXiMo II^^
4th November, 2008, 04:04 PM
Hi Df,
Hmmmmm, many people have port 80 open, even if I always advise using SSH and PuTTY if you wanna access your webif;
much more secure.
I will prepare a little guide soon; hope that many users change their minds and use SSH.
Here is the fix for the Nabilo image.

SYSTEM REQUIREMENTS
Dreambox Enigma 1

INSTRUCTIONS
1) Download the required patch for your Dreambox model
2) Unzip compressed folder, and extract the file to your PC.
3) With your FTP software, go to /usr/bin for 7020 or /var/bin for 7000
4) Delete the file enigma
5) Copy the new extracted file to the same location in your DM
6) Assign executable permissions 755 to the file
7) Restart Enigma


This patch is only for Dreambox running Nabilosat Enigma 1 images, and it is not compatible with other images.

Please note that this bug affects all the images running on Enigma 1.

osborne82
4th November, 2008, 04:13 PM
lol, can you give us more info, buddy? It's great saying install this to the Nabilo image and all is fixed. Any posts/threads about this so-called problem? E1 has been out for years; I find it hard to believe that this "bug" hasn't been found before. I ain't saying what you're saying is bull, just more info would be great.

cheers

osborne82

^^MaXiMo II^^
4th November, 2008, 05:05 PM
You will find all the info needed here (http://www.securiteam.com/unixfocus/5BP0R2KP5A.html), mate.
This is a serious issue and we defo want release a useless crap. Nabiloteam has been the first to overlook and take this bug into consideration and release the fix :)
E1 has been out for ages; it does not mean a thing. As you know, every web interface can potentially be hacked, so this fix is good for the present hack that has just been published, but in the near future I will expect more ways to hack a DB.

melek84
8th November, 2008, 04:57 PM
Sorry, I'm new to this, but can I use DM600 on my DM500s box?

^^MaXiMo II^^
8th November, 2008, 06:49 PM
For DM500, a new image needs to be recompiled to include the fix.
Soon it will be ready; I will post it here.
In the meantime, close port 80 and keep the firewall on.
Ciaoooo