Gentoo Archives: gentoo-desktop

From: Lindsay Haisley <fmouse-gentoo@×××.com>
To: gentoo-desktop@l.g.o
Subject: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box.
Date: Wed, 23 Mar 2011 22:38:11
Message-Id: 1300919801.21521.217.camel@vishnu.fmp.com
In Reply to: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box. by Donnie Berkholz
On Wed, 2011-03-23 at 16:56 -0500, Donnie Berkholz wrote:
> It's called reverse shellcode. One would exploit a vulnerability in your
> web browser, email reader, or integrated apps/libraries (primarily
> Flash, Evince/libpoppler, or Java) that provides the ability to run
> arbitrary code as the local user to get the shellcode onto your system
> and run it. Reverse shellcode then connects from your computer to a
> remote server and provides them with a login shell.

Very interesting! I did a bit of looking. This appears to be far into the realm of grey-hat hacking. I found <http://linux.softpedia.com/get/System/Shells/Sishell-25119.shtml> and <http://projectshellcode.com/node/2>. This looks mostly like it's theoretical, proof of concept stuff, and some of it uses DNS as an intermediary agent. Do exploits based on these techniques actually exist in the wild that you know of?

Linux is unsinkable, just like the Titanic.

--
Lindsay Haisley       | "Never expect the people who caused a problem
FMP Computer Services |  to solve it." - Albert Einstein
512-259-1190          |
http://www.fmp.com    |
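From the defender's side, the behaviour described in the quoted reply (a shell whose connection goes out from the masqueraded box to a remote server) is visible in the host's socket table. The sketch below is an added example, not part of the original message: it parses `ss -tnp`-style output and flags shell processes holding an established TCP connection to a peer outside the RFC 1918 ranges. The sample lines are constructed, the shell list is an assumption, and only IPv4 peers are handled.

```python
import ipaddress
import re

# RFC 1918 private ranges plus loopback: peers here are on the inside of the NAT.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}  # assumed list of shell names

# Constructed sample of `ss -tnp` output (not captured from a real host).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      192.168.1.10:51514   198.51.100.20:443  users:(("firefox",pid=2210,fd=88))
ESTAB  0      0      192.168.1.10:48822   203.0.113.7:4444   users:(("bash",pid=3121,fd=0),("bash",pid=3121,fd=1))
ESTAB  0      0      192.168.1.10:22      192.168.1.5:50122  users:(("sshd",pid=1400,fd=4))
ESTAB  0      0      192.168.1.10:39000   192.168.1.5:9000   users:(("sh",pid=3300,fd=3))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

def is_internal(addr):
    """True if addr is loopback or inside an RFC 1918 range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def suspicious_shells(ss_output):
    """Return (process, pid, peer) for shells connected to an outside peer."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue  # header, or a socket with no process info
        peer = fields[4]
        host = peer.rsplit(":", 1)[0].strip("[]")
        if is_internal(host):
            continue  # LAN-side traffic, e.g. an admin session
        # One process often holds several fds on the socket; report it once.
        for name, pid in sorted(set(PROC_RE.findall(fields[5]))):
            if name in SHELLS:
                hits.append((name, int(pid), peer))
    return hits

if __name__ == "__main__":
    for name, pid, peer in suspicious_shells(SAMPLE):
        print(f"shell {name} (pid {pid}) connected to external peer {peer}")
```

On a live host the input would come from `ss -tnp` run as root, since process names for other users' sockets are hidden otherwise.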
