From: Donnie Berkholz <dberkholz@gentoo.org>
To: gentoo-desktop@lists.gentoo.org
Subject: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box.
Date: Wed, 23 Mar 2011 16:56:05 -0500
Message-ID: <20110323215604.GL22830@comet.mayo.edu>
In-Reply-To: <1300905997.21521.142.camel@vishnu.fmp.com>

On 13:46 Wed 23 Mar, Lindsay Haisley wrote:
> With perhaps a very few exceptions these exploits are aimed at MS
> Windows boxes. Recent Flash vulnerabilities, for instance, are listed
> as affecting "Adobe Flash Player 10.1.82.76 and earlier versions for
> Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player
> 10.1.92.10 for Android" but the report goes on to say that "There are
> reports that this vulnerability is being actively exploited in the
> wild against Adobe Flash Player on Windows." No mention of Linux, and
> I can find no references to a web- or email-borne exploit found in the
> wild that actually generates an *infection* on a Linux box. Consider
> this a challenge, if you will, since I'd love to be proved wrong on
> this last point and learn something.

It's called reverse shellcode. One would exploit a vulnerability in your
web browser, email reader, or integrated apps/libraries (primarily
Flash, Evince/libpoppler, or Java) that provides the ability to run
arbitrary code as the local user to get the shellcode onto your system
and run it. Reverse shellcode then connects from your computer to a
remote server and provides them with a login shell. At that point, they
still need to come up with a local root vulnerability or use a keylogger
till they get you becoming root.

I'm not going to go into any more detail on it, but you can find it if
you do some searching.
--
Thanks,
Donnie
Donnie Berkholz
Desktop project lead
Gentoo Linux
Blog: http://dberkholz.com
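
Added example, not part of the original message or thread: a detection sketch for the behaviour described above, where a shell ends up attached to an outbound connection that NAT/masquerading does not block. It flags shell processes whose stdin, stdout and stderr are all the same established TCP socket. The function names, the shell list and the sample data are assumptions constructed for illustration; on a live host the inputs would come from `/proc/net/tcp`, `/proc/<pid>/comm` and `readlink /proc/<pid>/fd/{0,1,2}` (IPv4 only, little-endian host assumed).

```python
import re
import socket
import struct

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}  # assumed list of shell names to watch
ESTABLISHED = "01"                             # TCP state code used in /proc/net/tcp

def decode_addr(hexaddr):
    """Turn '0100007F:0CEA' (host-order hex IPv4, hex port) into ('127.0.0.1', 3306)."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def established_by_inode(proc_net_tcp):
    """Map socket inode -> remote (ip, port) for ESTABLISHED rows of /proc/net/tcp."""
    table = {}
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        f = line.split()
        if len(f) >= 10 and f[3] == ESTABLISHED:
            table[int(f[9])] = decode_addr(f[2])
    return table

def shells_on_sockets(procs, proc_net_tcp):
    """procs: {pid: (comm, {fd: readlink target})}.
    Return [(pid, comm, remote)] for shells whose fds 0-2 are one established socket."""
    tcp = established_by_inode(proc_net_tcp)
    hits = []
    for pid, (comm, fds) in sorted(procs.items()):
        links = {fds.get(fd, "") for fd in (0, 1, 2)}
        m = re.fullmatch(r"socket:\[(\d+)\]", links.pop()) if len(links) == 1 else None
        if comm in SHELLS and m and int(m.group(1)) in tcp:
            hits.append((pid, comm, tcp[int(m.group(1))]))
    return hits

# Constructed sample data (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0A01A8C0:C350 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1
"""
SAMPLE_PROCS = {
    4001: ("bash", {0: "/dev/pts/2", 1: "/dev/pts/2", 2: "/dev/pts/2"}),   # normal terminal
    4002: ("sh", {0: "socket:[22222]", 1: "socket:[22222]", 2: "socket:[22222]"}),
    4003: ("firefox", {0: "/dev/null", 1: "/dev/null", 2: "socket:[22222]"}),
}

if __name__ == "__main__":
    for pid, comm, (ip, port) in shells_on_sockets(SAMPLE_PROCS, SAMPLE_TCP):
        print(f"pid {pid} ({comm}): stdio attached to TCP socket to {ip}:{port}")
```

A shell started by sshd sits on a pty rather than directly on the socket, so an ordinary SSH session is not flagged by this check.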