Gentoo Archives: gentoo-desktop

From: Donnie Berkholz <dberkholz@g.o>
To: gentoo-desktop@l.g.o
Subject: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box.
Date: Wed, 23 Mar 2011 21:57:48
Message-Id: 20110323215604.GL22830@comet.mayo.edu
In Reply to: Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box. by Lindsay Haisley
On 13:46 Wed 23 Mar , Lindsay Haisley wrote:
> With perhaps a very few exceptions these exploits are aimed at MS
> Windows boxes. Recent Flash vulnerabilities, for instance, are listed
> as affecting "Adobe Flash Player 10.1.82.76 and earlier versions for
> Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player
> 10.1.92.10 for Android" but the report goes on to say that "There are
> reports that this vulnerability is being actively exploited in the
> wild against Adobe Flash Player on Windows." No mention of Linux, and
> I can find no references to a web or email borne exploit found in the
> wild that actually generates an *infection* on a Linux box. Consider
> this a challenge, if you will, since I'd love to be proved wrong on
> this last point and learn something.

It's called reverse shellcode. One would exploit a vulnerability in your
web browser, email reader, or integrated apps/libraries (primarily
Flash, Evince/libpoppler, or Java) that provides the ability to run
arbitrary code as the local user to get the shellcode onto your system
and run it. Reverse shellcode then connects from your computer to a
remote server and provides them with a login shell. At that point, they
still need to come up with a local root vulnerability or use a keylogger
till they get you becoming root.

I'm not going to go into any more detail on it, but you can find it if
you do some searching.

--
Thanks,
Donnie

Donnie Berkholz
Desktop project lead
Gentoo Linux
Blog: http://dberkholz.com
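
An added example, not part of the original message: a defender-side heuristic for the behaviour described above, flagging a shell process whose stdin, stdout and stderr are all the same established, non-loopback TCP socket. The sample /proc data, PIDs and addresses are constructed; IPv4 on a little-endian host is assumed, and the names `parse_tcp`, `socket_shells` and `snapshot` are hypothetical.

```python
import ipaddress, os, re, socket, struct
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

def parse_tcp(text):
    """Map socket inode -> (remote_ip, remote_port) for ESTABLISHED rows of /proc/net/tcp."""
    conns = {}
    for line in text.splitlines()[1:]:               # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "01":              # 01 = TCP_ESTABLISHED
            continue
        ip_hex, port_hex = f[2].split(":")           # address is a host-order hex word
        ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
        conns[f[9]] = (ip, int(port_hex, 16))        # f[9] is the socket inode
    return conns

def socket_shells(procs, conns):
    """Return (pid, comm, ip, port) for shells whose fd 0-2 are one non-loopback TCP socket."""
    hits = []
    for pid, comm, fds in procs:
        m = [re.fullmatch(r"socket:\[(\d+)\]", t) for t in fds]
        if comm not in SHELLS or not all(m) or len({x.group(1) for x in m}) != 1:
            continue
        peer = conns.get(m[0].group(1))
        if peer and not ipaddress.ip_address(peer[0]).is_loopback:
            hits.append((pid, comm, *peer))
    return hits

def snapshot():
    """Live input: (pid, comm, (fd0, fd1, fd2)) per process; root is needed to see other users."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as fh:
                comm = fh.read().strip()
            fds = tuple(os.readlink(f"/proc/{pid}/fd/{n}") for n in (0, 1, 2))
        except OSError:                              # process exited or access denied
            continue
        procs.append((int(pid), comm, fds))
    return procs

# Constructed sample data: a LISTEN row, plus 192.168.1.100:54321 -> 203.0.113.10:443 ESTABLISHED
SAMPLE_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0 100 0 0 10 0
   1: 6401A8C0:D431 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0 20 4 30 10 -1"""
SAMPLE_PROCS = [
    (4101, "bash", ("/dev/pts/0",) * 3),             # ordinary terminal shell
    (4242, "sh", ("socket:[22222]",) * 3),           # stdio wired to the outbound socket
    (4300, "firefox", ("/dev/null", "socket:[33333]", "socket:[33333]")),
]
```

For live use, feed it the result of `snapshot()` and the contents of `/proc/net/tcp`; IPv6 sockets in `/proc/net/tcp6` are not covered.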

Replies

Subject Author
Re: [gentoo-desktop] Vulnerabilities on an RFC-1918 masqueraded Linux box. Lindsay Haisley <fmouse-gentoo@×××.com>