asus eee pc rootable by default

The Asus Eee PC (the official page is way too flowery to link to) is becoming a bit popular amongst colleagues for the low price and small footprint. It comes loaded with Xandros by default. Via the Full-Disclosure mailing list, it appears the device comes shipped with a rootable version of the Samba daemon. Doh! Props to RISE Security for finding and posting about this.

If you’re like me and have not jumped on the wagon of the Asus Eee, it might be worth waiting for the second generation in April (from the Wikipedia article).

If you run a network that you want to be hostile to outsiders and you don’t use Asus Eee’s, you should be able to add passive/active rogue system detections to automatically trigger this rooting should a system be plugged in. Detect, root, wipe, see who screams later.