DaemonForums  

#1
14th April 2011
shep
Real Name: Scott
Arp Constable
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Latest Flash Player Vulnerability

Something to think about when you try to set up flash in a BSD.
http://blogs.technet.com/b/mmpc/arch...psa11_2d00_02/

http://blogs.technet.com/b/mmpc/arch...loitation.aspx
#2
15th April 2011
Carpetsmoker
Real Name: Martin
Tcpdump Spy
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243

Quote:
Something to think about when you try to set up flash in a BSD.
You mean how this will only work on Windows and not on BSD?

I doubt there are any BSD exploits for flash, in the wild or otherwise ...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
#3
15th April 2011
TerryP
Arp Constable
Join Date: May 2008
Location: USofA
Posts: 1,547

I only use Flash for listening to a radio stream, so I worry not: I could always restrict it to a single browser and rig it for that task if need be. Hehe.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
#4
15th April 2011
comet--berkeley
Real Name: Richard
Package Pilot
Join Date: Apr 2009
Location: California
Posts: 163
Latest Flash Player Vulnerability Reply to Thread

Quote:
Originally Posted by shep
I agree that this is something to think about. The vulnerability is specifically targeted to Microsoft Windows, but it could just as easily be targeted to Linux or FreeBSD.

The heart of the exploit embeds some assembly code for an Intel x86 machine that does an INT 80 to call the operating system to execute an arbitrary shell command.

This same INT 80 is used in Linux x86:

http://www.cin.ufpe.br/~if817/arquiv....html#syscalls

And the same INT 80 is used in FreeBSD x86:

http://www.int80h.org/bsdasm/

This is a good reminder of why not to run the X Window system as root...

I think it is a good idea to separate business activities from entertainment activities.

At home I keep one machine just for entertainment and let it run flash and whatever but I never do business on that machine...
#5
15th April 2011
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Quote:
Originally Posted by comet--berkeley
At home I keep one machine just for entertainment and let it run flash and whatever but I never do business on that machine...
This is a really good idea that I urge people (with the resources to do so) to do. Good clean separation of duties can minimize the impact of so many problems (not just computer problems, either).