On Wed, Oct 18, 2006 at 05:55:00AM +0400, Noah Meyerhans wrote: > On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote: > > > NB: although some are saying this is a local root exploit only, the > > > bulletin points out it can be exploited by visiting a malicious > > > webpage. > > > > I've not scrutinised the claims closely, but it looks like a remote > > vulnerability to me :-( > > The original(?) announcement of the vulnerability, > http://download2.rapid7.com/r7-0025/ , states that the problem can be > exploited as a DoS remotely via e.g. a specially crafted web page (an > example of which they've graciously provided). However, as I read it, > it sounds like you can only run arbitrary code if you are actually > accessing the X server directly via a client. While this client can be > local or remote, nobody is going to allow unauthenticated remote clients > to access their X server, so this might not be so bad... Presumably > this is because it's not practical or feasable to provide the actual > shell code you want to jump to if you're only controlling an HTML > document. If you're controlling the actual X client, it might be more > reasonable. Of course, this may allow an attacker to leverage one of > the many Firefox exploits to run code as root... > > Naturally, I could be wrong. > > noah >
Stop using blobs like nvidia videodriver in debian. Force them to go opensource! -- Matvey Gladkikh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
