Pwning Linux

http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups/

http://www.securitytube.net/Bypassi...ulnerable-Application-with-ret2esp-video.aspx

http://rawlab.mindcreations.com/

http://lists.immunitysec.com/pipermail/dailydave/2007-March/004133.html

 

Good find, personally I have never liked the idea in FF of allowing 3rd party plugins. The Greasemonkey script was a disaster a while back.

This hack on Linux shows that nothing is invulnerable to a determined human mind.

 

I google to see what was available for Linux exploits. I didn't know there were so many

No where near the amount for Windows if a comparison were done.

Since I've been tooling around on a LiveCD to get familiar with Linux, it has its advantages.
Hardware support is much better than 2 years ago.

 

Already fixed in January, see http://www.ubuntu.com/usn/usn-707-1

As for the other vulnerabilities, I haven't checked if they are really exploitable or if they have been fixed in the meantime.

Nobody ever said that Linux has no vulnerabilities - any OS has. But they are usually fixed in the shortest time possible when detected - see the first example. So I'm not quite sure what you're trying to tell us.

 

Just info for interested people. I was personally curious and found some interesting info and thought I would share what I found. There is always talk about Windows exploit this or Windows exploit that. I wanted to see what was around for Linux.

I know they fixed the cups thing, scrolling down at gnucitizen shows the updated info in the comments.

@tlu

Do you have any links to other exploits? I would be interested in reading about them.

 

Not necessarily exploits but vulnerabilities:

http://secunia.com/advisories/product/2719/
http://insecure.org/sploits_linux.html
http://www.linux-sec.net/Exploits/

 

To put it bluntly, that's BS. Posting about an exploit that you admit you knew had been fixed, isn't informative, it is exploiting FUD. It serves no purpose but to aid MS in their campaign to convince people, falsely, that Linux isn't a safer alternative.

Others will probably give you "the benefit of the doubt," but personally, I don't believe your protestations that you are just trying to be "informative." I've seen this "wolf in sheep's clothing" act too many times.

BTW, I'm happy to give you the ammunition to prove that Linux users are a bunch of meanies. Generally, they are a very helpful community. But I'm a "grumpy old man" that "doesn't suffer fools kindly."

 

Well considering Searching___ believes in invisible bios-proof rootkits, I can see the reason for liking to write about exploits. The truth is: preventing malware on Windows simple, preventing it on Linux is dead boring. No click, no trick.

Too shame about the LB 2009

Mrk

 

I thought it was fixed already, I know for well that unlike MS or Mac, Linux won't hide vulnerabilities like this for ten years and then come out with an excuse.

 

I wouldn't be so sure about that. You seem to be tolerating yourself quite well.

 

@lewmur
You trying to win me over?

Thank you tlu for the links.

@Markvonic
You might believe that light travels in a straight line, but I wouldn't pick on you because of that.

Challenging discussions are always profitable. I am going to have to look up FUD.

 

Hello,

Searching___ ... after 5,000 posts, I guest the extra A in Mrk should obviously be avoided

As to light, straight line - I'm a physicist, I know it ain't going in straight line. It gets pretty cool proving that with S integrals in Analytical Mechanics or by writing down a few Lagrangians to prove the Fermat's theorem - not his last, though Then, there's gravity and gravitational lensing and coupling of space time and Einstein's metrics, I'm not one for straight lines, BUT invisible rootkits are as real as gravitons.

What about LB 2009, any news on un-cancellation

Mrk

 

Not really.

 

Oops. Srry
LB is a yearly thing. I tried to order it for the SuperBowl only to find out it was cancled. They're trying to start up a regular league with teams.

Physicist- Kool. <shouts>P-town</shouts>
Gravity (friction) is just an effect, the result of a substance, much like water or air, just less dense.
What's going on with Sonoluminescence?

Insecure.org is like a clearing house, lots of stuff.

 

i don't care what anyone thinks about this thread, i'm still using an unsupported distro. i'm thinking about installing something that's supported now. i've got to get my stupid external HDD working so i can backup and reinstall.

i'll definitely do it tomorrow lol.

 

Give Ubuntu and PCLOS a spin.

 

i think i'm going to use arch

 

Hey: that's my mantra: you can borrow it; but I own it.

With your expertise: you'll lurve it.

 

More pwnage, or if you lost your password.

http://linuxgazette.net/issue51/tag/2.html