DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 16th December 2016
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 636
Default 0-days hitting Fedora and Ubuntu open desktops

http://arstechnica.com/security/2016...s-now-a-thing/

Quote:
The exploit ending in .flac works as a drive-by attack when a Fedora 25 user visits a booby-trapped webpage. With nothing more than a click required, the file will open the desktop calculator. With modification, it could load any code an attacker chooses and execute it with the same system privileges afforded to the user. While users typically don't have the same unfettered system privileges granted to root, the ones they do have are plenty powerful. Such an exploit can, for instance, read and steal all the user's most personal data, including documents, pictures, e-mail, and chat transcripts. It could also steal the user's browser cookies and sessions for Gmail, Facebook, Twitter, and other sites. It could additionally persist across reboots, although not as stealthily as a root exploit. And as is growing increasingly common, it could be combined with a local root privilege exploit to gain full system rights. Here's a video of it in action:
Added:
I wasn't able to reproduce this attack on OpenBSD.
Code:
chrome(28032) in free(): use after free 0x1fddfd7ab240
Abort trap (core dumped)
But maybe exploit should be just rewritten for OpenBSD.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 16th December 2016 at 10:56 AM. Reason: Added unsuccessful reproduction
Reply With Quote
  #2   (View Single Post)  
Old 17th December 2016
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 662
Default

So, if I am running a minimal desktop such as dwm or openbox, and don't have a desktop calculator installed, is it still vulnerable?
Reply With Quote
  #3   (View Single Post)  
Old 17th December 2016
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 636
Default

Quote:
Originally Posted by scottro View Post
So, if I am running a minimal desktop such as dwm or openbox, and don't have a desktop calculator installed, is it still vulnerable?
If attacker can run calculator, he probably can run anything (in the context of logged user). Calculator is just an example.

Vulnerability is in Super Nintendo SPC-700 emulator used by gstreamer media playback framework. I don't know whether OpenBSD's antiexploit mitigations can prevent attack on this vulnerability.

Added:
I was trying to figure out whether Game Music Emu is present in ports but I think it is not. gst-inspect also does not know anything about snes or nintendo.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 17th December 2016 at 12:03 PM.
Reply With Quote
  #4   (View Single Post)  
Old 17th December 2016
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 662
Default

Ah, I see, I didn't read as closely as I should have. Thank you.
Reply With Quote
  #5   (View Single Post)  
Old 13th January 2017
sevendogs's Avatar
sevendogs sevendogs is offline
Real Name: Paul
New User
 
Join Date: Jan 2017
Location: Texas
Posts: 5
Default

Good post, thanks OP. Some people think Linux/Unix are not prone to attacks but any OS is. Makes a good case for backing up your data.
__________________
"Give a Man a Truth And He Will Think For a Day. Teach a Man To Reason And He Will Think For a Lifetime."
Reply With Quote
Reply

Tags
0-day, security

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Internet routers hitting 512K limit, some become unreliable J65nko News 0 14th August 2014 08:11 AM
1100 days...gone rocket357 Other BSD and UNIX/UNIX-like 4 24th April 2011 01:53 PM
Get the Days of the Week cksraj Programming 3 26th September 2009 11:01 AM
my X11 or Gnome kill after 5 days mfaridi FreeBSD General 14 13th November 2008 04:27 AM
How to view & open DOCX files in Ubuntu/OpenOffice. unixdude Other BSD and UNIX/UNIX-like 0 11th July 2008 08:38 AM


All times are GMT. The time now is 05:23 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick