Gentoo Archives: gentoo-desktop

From: Donnie Berkholz <dberkholz@g.o>
To: gentoo-desktop@l.g.o
Subject: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box.
Date: Wed, 23 Mar 2011 21:57:48
Message-Id: 20110323215604.GL22830@comet.mayo.edu
In Reply to: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box. by Lindsay Haisley
On 13:46 Wed 23 Mar, Lindsay Haisley wrote:
> With perhaps a very few exceptions these exploits are aimed at MS
> Windows boxes. Recent Flash vulnerabilities, for instance, are listed
> as affecting "Adobe Flash Player 10.1.82.76 and earlier versions for
> Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player
> 10.1.92.10 for Android" but the report goes on to say that "There are
> reports that this vulnerability is being actively exploited in the
> wild against Adobe Flash Player on Windows." No mention of Linux, and
> I can find no references to a web or email borne exploit found in the
> wild that actually generates an *infection* on a Linux box. Consider
> this a challenge, if you will, since I'd love to be proved wrong on
> this last point and learn something.

It's called reverse shellcode. One would exploit a vulnerability in your web browser, email reader, or integrated apps/libraries (primarily Flash, Evince/libpoppler, or Java) that provides the ability to run arbitrary code as the local user to get the shellcode onto your system and run it.

Reverse shellcode then connects from your computer to a remote server and provides them with a login shell. At that point, they still need to come up with a local root vulnerability or use a keylogger till they get you becoming root.

I'm not going to go into any more detail on it, but you can find it if you do some searching.

-- 
Thanks,
Donnie

Donnie Berkholz
Desktop project lead
Gentoo Linux
Blog: http://dberkholz.com
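
A defender-side check for the behaviour described in the message above, as an added example that is not part of the original post: a shell whose stdin, stdout and stderr are all bound to one network socket is the usual footprint of a shell handed to a remote peer. The function names, the shell list and the sample process table are assumptions constructed for illustration.

```python
import os
import re

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}   # assumed list of interpreters to check
SOCKET = re.compile(r"^socket:\[(\d+)\]$")       # readlink() form of a socket fd on Linux

def stdio_socket(fds):
    """Return the socket inode if fds 0, 1 and 2 all point at one socket, else None."""
    inodes = set()
    for fd in (0, 1, 2):
        m = SOCKET.match(fds.get(fd, ""))
        if not m:
            return None
        inodes.add(m.group(1))
    return inodes.pop() if len(inodes) == 1 else None

def find_suspects(snapshot):
    """snapshot: iterable of (pid, comm, {fd: link target}). Returns [(pid, comm, inode)]."""
    hits = []
    for pid, comm, fds in snapshot:
        inode = stdio_socket(fds) if comm in SHELLS else None
        if inode:
            hits.append((pid, comm, inode))
    return hits

def live_snapshot(proc_root="/proc"):
    """Build the same tuples from a running Linux host (root is needed to see other users)."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            fds = {fd: os.readlink(os.path.join(base, "fd", str(fd))) for fd in (0, 1, 2)}
        except OSError:   # process exited, fd closed, or permission denied
            continue
        yield int(entry), comm, fds

# Constructed sample data, not taken from a real host.
SAMPLE = [
    (1200, "bash", {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    (3100, "firefox", {0: "/dev/null", 1: "socket:[5501]", 2: "socket:[5501]"}),
    (4242, "sh", {0: "socket:[91817]", 1: "socket:[91817]", 2: "socket:[91817]"}),
    (4300, "bash", {0: "pipe:[7001]", 1: "socket:[7002]", 2: "socket:[7002]"}),
]

if __name__ == "__main__":
    for pid, comm, inode in find_suspects(SAMPLE):
        print(f"pid {pid} ({comm}): stdio bound to socket inode {inode}")
```

On a live system, pass `live_snapshot()` to `find_suspects()`; shells started by inetd-style services also have socket stdio, so treat a hit as a lead to investigate rather than proof.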
