Mailinglist Archive: opensuse-security (33 mails)

Re: [opensuse-security] Possible local root exploit in the kernel
  • From: Basil Chupin <blchupin@xxxxxxxxxx>
  • Date: Mon, 11 Feb 2008 23:13:11 +1100
  • Message-id: <47B03BD7.1070806@xxxxxxxxxx>
Marcus Meissner wrote:
On Mon, Feb 11, 2008 at 10:52:40PM +1100, Basil Chupin wrote:
Rainer Duffner wrote:
Carlos E. R. schrieb:
The Sunday 2008-02-10 at 22:02 -0800, Crispin Cowan wrote:

It's a local exploit; the attacker has to already be logged into your
box to exploit it.
If you have hostile users logged into your box, and this patch is
urgent, then you have worse problems than this patch :-)
It has been suggested that an attacker might gain access through a
flash animation on a webpage, as a normal user, and then escalate to root.
By default, OpenSuSE doesn't install Flash.
At least, 10.3 didn't here, but that may have to do with the fact that I
run x86_64...

Does it concern SLES, too, BTW?
I've no VM of it ATM, so I can't try.
RHEL5.1 just OOPSed, though.
True, but Firefox does install it (and others) when you go to a site which requires Flash (or others) before you can view anything of 'interest'.

As a follow-on, Firefox introduced/has an addon, an extension, called NoScript which anyone concerned with avoiding 'fire and brimstone' would immediately install.

I am currently not aware of code-execution problems in Flash, so these are
just vague thoughts.

Ciao, Marcus
"Currently" is probably correct, but it may pay to read what the author of NoScript states:

http://noscript.net/faq#qa1_10

Ciao.


--
If you want to know what a man is like, take a look at how he treats his
inferiors not his equals.
