On 13:46 Wed 23 Mar, Lindsay Haisley wrote:
> With perhaps a very few exceptions these exploits are aimed at MS
> Windows boxes. Recent Flash vulnerabilities, for instance, are listed
> as affecting "Adobe Flash Player 10.1.82.76 and earlier versions for
> Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player
> 10.1.92.10 for Android" but the report goes on to say that "There are
> reports that this vulnerability is being actively exploited in the
> wild against Adobe Flash Player on Windows." No mention of Linux, and
> I can find no references to a web or email borne exploit found in the
> wild that actually generates an *infection* on a Linux box. Consider
> this a challenge, if you will, since I'd love to be proved wrong on
> this last point and learn something.

It's called reverse shellcode. One would exploit a vulnerability in your
web browser, email reader, or integrated apps/libraries (primarily
Flash, Evince/libpoppler, or Java) that provides the ability to run
arbitrary code as the local user to get the shellcode onto your system
and run it. Reverse shellcode then connects from your computer to a
remote server and provides them with a login shell. At that point, they
still need to come up with a local root vulnerability or use a keylogger
till they get you becoming root.

I'm not going to go into any more detail on it, but you can find it if
you do some searching.

--
Thanks,
Donnie

Donnie Berkholz
Desktop project lead
Gentoo Linux
Blog: http://dberkholz.com
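
On the detection side, the condition this message describes shows up on a Linux host as a shell whose stdin, stdout and stderr are all one TCP connection to a remote address. The check below is an added example, not part of the original message: the /proc/net/tcp text and process snapshot are constructed sample data, the function names are hypothetical, and only IPv4 is handled.

```python
import ipaddress
import re
import socket
import struct

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
ESTABLISHED = "01"  # TCP state code as printed in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (IPv4 addresses are little-endian hex).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0A01A8C0:C350 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0100007F:9C40 0100007F:0277 01 00000000:00000000 00:00000000 00000000  1000        0 33333
"""

# Constructed snapshot: comm plus the readlink targets of /proc/<pid>/fd/0, 1 and 2.
PROCESSES = [
    {"pid": 3100, "comm": "bash", "fds": ["/dev/pts/0"] * 3},          # terminal session
    {"pid": 4242, "comm": "sh", "fds": ["socket:[22222]"] * 3},        # stdio on remote TCP
    {"pid": 4300, "comm": "bash", "fds": ["socket:[33333]"] * 3},      # stdio on loopback TCP
    {"pid": 5000, "comm": "firefox", "fds": ["/dev/null", "socket:[22222]", "/dev/null"]},
]

def decode_addr(field):  # '0100007F:0277' -> ('127.0.0.1', 631)
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def established_by_inode(table_text):  # socket inode -> remote (ip, port)
    conns = {}
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 10 and cols[3] == ESTABLISHED:
            conns[cols[9]] = decode_addr(cols[2])
    return conns

def find_socket_backed_shells(processes, table_text):
    """Report shells whose stdin, stdout and stderr are one non-loopback TCP socket."""
    conns = established_by_inode(table_text)
    hits = []
    for proc in processes:
        matches = [re.fullmatch(r"socket:\[(\d+)\]", fd) for fd in proc["fds"]]
        if proc["comm"] not in SHELLS or not all(matches):
            continue
        inodes = {m.group(1) for m in matches}
        remote = conns.get(next(iter(inodes))) if len(inodes) == 1 else None
        if remote and not ipaddress.ip_address(remote[0]).is_loopback:
            hits.append((proc["pid"], proc["comm"], remote))
    return hits
```

On a live host the same inputs come from reading /proc/net/tcp and calling os.readlink on /proc/<pid>/fd/0, 1 and 2; a hit is a lead to triage, not proof of compromise.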