USB driver bug exposed as "Linux plug&pwn"
Rafael Dominguez Vega of MRW InfoSecurity has reported a bug in the Caiaq USB driver which could be used to gain control of a Linux system via a USB device.
The bug is caused by the device name being copied into a memory area with a size of 80 bytes using strcpy() without its length being tested. A crafted device with a long device name could thus write beyond the limits of this buffer, allowing it to inject and execute code.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump