Ubuntu
rhythmbox package

daap plugin opens port by default

Bug #1771196 reported by Alan Jenkins
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
rhythmbox (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

In a default installation, the daap plugin is enabled, and listens to port 3689 (daap).

tcp 0 0 *:daap *:* LISTEN guest-43a0me 72019 -

Ubuntu has a "no open ports by default" policy.[1][2]

[1] https://bugs.launchpad.net/ubuntu/+source/banshee/+bug/753986
[2] https://wiki.ubuntu.com/SecurityTeam/Policies#No_Open_Ports

Please resolve this e.g. by updating rhythmbox not to listen on a port by default, or documenting rhythmbox as an exception to the security policy.

---

Ubuntu 16.04.4 LTS
rhythmbox 3.3-1ubuntu7

Alan Jenkins (aj504)
information type: Public → Public Security
Steve Beattie (sbeattie)
affects: banshee (Ubuntu) → rhythmbox (Ubuntu)
Revision history for this message
Alan Jenkins (aj504) wrote :

Thank you for fixing my silly mistake, Steve.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

While Rhythmbox does indeed open a port when started, the user needs to start it before the port becomes available. This is no different than opening a Bittorrent client application, or some other application that opens ports.

That being said, perhaps the plugin should be disabled by default.

Thanks!

Changed in rhythmbox (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.