On 13:46 Wed 23 Mar     , Lindsay Haisley wrote:
> With perhaps a very few exceptions these exploits are aimed at MS 
> Windows boxes.  Recent Flash vulnerabilities, for instance, are listed 
> as affecting "Adobe Flash Player 10.1.82.76 and earlier versions for 
> Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 
> 10.1.92.10 for Android" but the report goes on to say that "There are 
> reports that this vulnerability is being actively exploited in the 
> wild against Adobe Flash Player on Windows."  No mention of Linux, and 
> I can find no references to a web or email borne exploit found in the 
> wild that actually generates an *infection* on a Linux box.  Consider 
> this a challenge, if you will, since I'd love to be proved wrong on 
> this last point and learn something.

It's called reverse shellcode. One would exploit a vulnerability in your 
web browser, email reader, or integrated apps/libraries (primarily 
Flash, Evince/libpoppler, or Java) that provides the ability to run 
arbitrary code as the local user to get the shellcode onto your system 
and run it. Reverse shellcode then connects from your computer to a 
remote server and provides them with a login shell. At that point, they 
still need to come up with a local root vulnerability or use a keylogger 
till they get you becoming root.

I'm not going to go into any more detail on it, but you can find it if 
you do some searching.

-- 
Thanks,
Donnie

Donnie Berkholz
Desktop project lead
Gentoo Linux
Blog: http://dberkholz.com
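
From the defender's side, the login shell handed to a remote server that the message describes can leave a visible trace on Linux: a shell process whose stdin, stdout and stderr are sockets rather than a terminal. The following check is an added example, not part of the original message; it assumes the shell's standard descriptors are attached directly to the socket, and the process tree it runs against is constructed sample data.

```python
import os
import tempfile

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}

def fd_target(proc_root, pid, fd):
    """Return what one file descriptor points to, as /proc shows it."""
    try:
        return os.readlink(os.path.join(proc_root, pid, "fd", fd))
    except OSError:  # process exited, fd closed, or no permission
        return None

def find_socket_shells(proc_root="/proc"):
    """List (pid, comm) for shells whose stdin, stdout and stderr are all sockets."""
    hits = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        try:
            with open(os.path.join(proc_root, pid, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue
        if comm not in SHELLS:
            continue
        targets = [fd_target(proc_root, pid, fd) for fd in "012"]
        if all(t and t.startswith("socket:[") for t in targets):
            hits.append((int(pid), comm))
    return hits

def build_sample_proc(root):
    """Constructed sample: a terminal shell, a browser, and a shell on a socket."""
    sample = {
        "1200": ("bash", ["/dev/pts/0"] * 3),
        "1310": ("firefox", ["/dev/null", "socket:[5501]", "socket:[5501]"]),
        "1422": ("sh", ["socket:[7731]"] * 3),
    }
    for pid, (comm, fds) in sample.items():
        os.makedirs(os.path.join(root, pid, "fd"))
        with open(os.path.join(root, pid, "comm"), "w") as f:
            f.write(comm + "\n")
        for n, target in enumerate(fds):
            os.symlink(target, os.path.join(root, pid, "fd", str(n)))

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return find_socket_shells(root)

if __name__ == "__main__":
    print(demo())
```

A hit is a lead, not a verdict: shells started without a terminal by legitimate services can also have socket stdio. Run `find_socket_shells()` as root against the real `/proc` to see other users' processes.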
