Is adobe labs 64 bit flash player vulnerable latest exploit ?

The 10.1 pre- release is not affected, but I am not sure about the 64 bit Linux pre-release that I am currently running. If it is also affected, I hope that labs will patch it tomorrow as well. See ronjor's post https://www.wilderssecurity.com/showpost.php?p=1691409&postcount=7

 

authplay.dll on Linux ... don't they mean a shared object?

Adobe instructions, no mention of "UNIX" removal of authplay.dll.

And Flash in PDF, Acrobat ... sounds like more poo than it really is. I hazard that if you do not use Acrobat Reader on Windows, this is not a biggie.

Mrk

 

I read somewhere that under Linux libauthplay.so is affected. I can't find this file on my system.

However, I'm only using flash player. Perhaps this file only exists on a Linux system if also Adobe Reader is installed ?

 

On my Lucid I have adobe reader - the file is here /opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so
On my Karmic I don't have the reader, only flash, and that file is absent.

I am more concerned about the 64 bit Linux flash player from adobe labs. I don't know whether it is affected and if so when it will be patched.

 

If you have apparmor enabled, I don't see flash vulnerability doing much damage anyways.

 

Hm. I'm not an apparmor expert but I don't seem to have a profile for flash, not either in /usr/share/doc/apparmor-profiles/extras/. The usr.bin.firefox profile covers java but not flash. So out of curiosity: How can apparmor protect against flash vulnerabilities (unless you've created an extra profile for flash, of course)?

 

The attack if I am not mistaken is via Javascript and in this case, the browser is locked in by apparmor so I don't think any harm can be done. I maybe wrong but last time in pwn2own when all systems fell via flash hack, ubuntu was the only system that survived.

 

you mean linux linuxforall or just ubuntu

got fedora + selinux enable dont worry

it keep giving irritation to hacker he pull his hair and leave my system alone


just kidding

 

Well Ubuntu runs on Linux so yes, final credit goes to Linux. So far not a single case of this exploit affecting Ubuntu or other linux distros have surfaced. Had that been the case, updates would be out in a jiffy. Also according to the Adobe blog, I don't see a single place where x64 alpha flash is mentioned for this vulnerability even though version numbers do match.
http://www.adobe.com/support/security/advisories/apsa10-01.html

 

http://secunia.com/


http://secunia.com/advisories/40034

http://secunia.com/advisories/40026

 

Solution given on http://secunia.com/

Delete, rename, or remove access to authplay.dll to prevent running SWF content in PDF files.

what i did is i remove the root cause i mean that file

#rm -f /opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so

adobe reader is working fine it blocks flash swf (Shockwave Flash)content playing in adobe i guss who use that i never used that feature in adobe so i okies with that

for flash

Solution
Reportedly, the latest version 10.1 Release Candidate is not affected.
Further details available in Customer Area

 

Why use Adobe reader when there are good and working solutions in Linux distro which are safer, Evince which is default in Ubuntu also comes with its apparmor profile for all this nuisance.

 

I like evince, but I do not think the font rendering is as good as acroread (make sure to disable the javascript function in acroread if you are a suspicious person like myself). Actually use Foxit for my pdfs. Yes, I went outside the repos for this one, shoot me.

 

How bout Okular?

 

Isn't that more of a kde app? Not that I can't install it, but I'm one of those peculiar people that does not like to install kde apps in gnome (and vice-versa). I'm going to check in synaptic right now. Although I really like the linux version of Foxit.

Edit: Yes it is kde, with a hell of a lot of dependencies. Although I do remember it as a very good program when I ran PCLOS 2010.

 

sorry asking out of topic question

my firefox show apparmor show i am new to apprmor

sudo /etc/init.d/apparmor start
* Starting AppArmor profiles ok

Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox

 

Exactly, that's what I was (am) confused about.

Did you enable it like this ?

sudo aa-enforce /etc/apparmor.d/usr.bin.firefox (for Lucid)

Then check. sudo apparmor_status

 

Please tell us what

sudo aa-status

shows.

 

aha thanks ocky sorry yes i did the default mode

Setting /etc/apparmor.d/usr.bin.firefox to enforce mode.
mack@mack-desktop:~$ sudo aa-status
apparmor module is loaded.
33 profiles are loaded.
13 profiles are in enforce mode.
/sbin/dhclient3
/usr/bin/evince
/usr/bin/evince-previewer
/usr/bin/evince-thumbnailer
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/connman/scripts/dhclient-script
/usr/lib/cups/backend/cups-pdf
/usr/lib/firefox-3.6.3/firefox-*bin
/usr/lib/firefox-3.6.3/firefox-*bin//firefox_java
/usr/lib/firefox-3.6.3/firefox-*bin//firefox_openjdk
/usr/sbin/cupsd
/usr/sbin/tcpdump
/usr/share/gdm/guest-session/Xsession
20 profiles are in complain mode.
/bin/ping
/sbin/klogd
/sbin/syslog-ng
/sbin/syslogd
/usr/lib/dovecot/deliver
/usr/lib/dovecot/dovecot-auth
/usr/lib/dovecot/imap
/usr/lib/dovecot/imap-login
/usr/lib/dovecot/managesieve-login
/usr/lib/dovecot/pop3
/usr/lib/dovecot/pop3-login
/usr/sbin/avahi-daemon
/usr/sbin/dnsmasq
/usr/sbin/dovecot
/usr/sbin/identd
/usr/sbin/mdnsd
/usr/sbin/nmbd
/usr/sbin/nscd
/usr/sbin/smbd
/usr/sbin/traceroute
3 processes have profiles defined.
1 processes are in enforce mode :
/usr/sbin/cupsd (1570)
2 processes are in complain mode.
/usr/sbin/avahi-daemon (1011)
/usr/sbin/avahi-daemon (1010)
0 processes are unconfined but have a profile defined

 

I am using bodhi.zazen's profile for Opera as I don't have time to learn about apparmor profile creation (i.e. really effective profile). http://bodhizazen.net/aa-profiles/
It is fine and I also use flashblocker http://my.opera.com/Lex1/blog/flashblock-for-opera-9

 

The only process that has a profile in enforcing mode is cupsd, which comes with a profile enabled by default. In order to turn the Firefox profile on, you will need to do:

Code:

sudo aa-enforce /etc/apparmor.d/usr.bin.firefox

In fact, I suggest you put all the profiles in enforce mode:

Code:

sudo aa-enforce /etc/apparmor.d/*

Then restart Firefox and run aa-status again.

 

I think I don,t need to run this command:

sudo aa-enforce /etc/apparmor.d/*

Am I true?

Also is there a profile for latest chromium? Thanks

 

re: mack_guy911's output........
That's new to me - why does the output then show that of the enforced profiles, firefox is there ? viz. /usr/lib/firefox-3.6.3/firefox-*bin
/usr/lib/firefox-3.6.3/firefox-*bin//firefox_java
/usr/lib/firefox-3.6.3/firefox-*bin//firefox_openjdk
I have the same and java is blocked - proving that the profile is loaded. Maybe I have misunderstood apparmor all the time. No idea anymore.

 

Because he has set it to enforce mode in post #19?

 

No, you're right. They are in enforce mode but he apparently didn't have FF running when he did aa-status. These lines:

Code:

3 processes have profiles defined.
1 processes are in enforce mode :
/usr/sbin/cupsd (1570) 

show only one process in enforce mode. But, of course, that means only one running process is in enforce mode.

Nevertheless, he still has a lot of profiles in complain mode that I think he should turn on.

Code:

sudo aa-enforce /etc/apparmor.d/*

will do it.