Ubuntu addict and loving it
Nevermind, was already fixed a few days ago:
evince (2.32.0-0ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via multiple dvi backend
overflows
- debian/patches/02_CVE-2010-264x.patch: add bounds checking in
backend/dvi/mdvi-lib/{afmparse,dviread,pk,tfmfile,vf}.c.
- CVE-2010-2640
- CVE-2010-2641
- CVE-2010-2642
- CVE-2010-2643
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 03 Jan 2011 11:38:25 -0500
retired
Thanks for the update folks. This is what makes Lunix and Ubuntu great!
Woof
Sweet!Originally Posted by psusi
Skinny Extra Sweet Ubuntu
Here's a direct link to the presentation (PDF Slidehow)
http://blogs.iss.net/archive/papers/...inst_Linux.pdf
Note that some of the potential access points are not protected by PIE or AppArmor. Of course the premise here is getting a USB or other autorun device mounted after the target systems is booted.
As I see it "Browse media when inserted, " is OK, but having "Never prompt or srart media when inserted..." enabled is a good thing too.
Also, I disable thumbnailers by default anyway. Just like the conclusion says.
Last edited by emarkay; February 9th, 2011 at 09:52 PM. Reason: Typo
Ubuntu 16.04-Dell P390,Pentium D 3.4G,4G R,NVIDIA GT360
Ubuntu 16.04-Dell DE520,Pentium D 2.80G, 3G R,NVIDIA GeForce9500GT
Ubuntu 18.04-Dell PM90,Intel T2600 2.1G,4G R,NVIDIA Quadro FX 500M
Ubuntu 18.04-HP 15-F233wm,Celeron N3050 1.6G,4G R,Intel HD
Skinny Soy Caramel Ubuntu
Well, in a lot of cases you just have to get your corrupted file onto someone's USB stick so that when they plug it into the computer the thumbnailer will run and execute your exploit code. That's much easier than getting your own USB stick plugged into the computer as people often use them to transfer files, particularly to machines that aren't network or are on private networks.
First Cup of Ubuntu
.. and that is indeed the default setting in Ubuntu 9.10 and later:
http://www.ubuntu.com/usn/usn-1035-1
"In the default installation of Ubuntu 9.10 and later, attackers would be isolated by the Evince AppArmor profile. "
Hooked on Manjaro
Not possible. AppArmor is set to complain, not enforce, by default. Which means it wouldn't be protecting./me was wrong
Last edited by uRock; February 10th, 2011 at 04:38 PM.
Cheers & Beers, uRock
[SIGPIC][/SIGPIC]
Too much Ubuntu
It's definitely set to enforce.
Code:$ sudo apparmor_status apparmor module is loaded. 10 profiles are loaded. 10 profiles are in enforce mode. /sbin/dhclient3 /usr/bin/evince /usr/bin/evince-previewer /usr/bin/evince-thumbnailer /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/connman/scripts/dhclient-script /usr/lib/cups/backend/cups-pdf /usr/sbin/cupsd /usr/sbin/ntpd /usr/sbin/tcpdump 0 profiles are in complain mode. 2 processes have profiles defined. 2 processes are in enforce mode : /sbin/dhclient3 (4424) /usr/sbin/cupsd (1025) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined.
Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 1 X 1TB, 2 X 3TB HDD
Please don't request support via PM
Hooked on Manjaro
I could've sworn I had to enable those on my first install. Learn something new every day.
Thanks,
uRock
Cheers & Beers, uRock
[SIGPIC][/SIGPIC]
Way Too Much Ubuntu
Re: USB autorun attacks against Linux
http://www.h-online.com/open/news/fo...14371201/read/It was evince-thumbnailer that
was exploited, not Nautilus and certainly not Linux. This feature in
Nautilus exposes other systems to potential attacks, but Nautilus
itself was not shown as vulnerable in the demonstration. Nautilus
also has a configuration option which lets you choose if you want
this behavior or not, although I personally believe it shouldn't do
this at all when the screen is locked.
This is a vulnerability in Ubuntu (and probably other GNOME-based
distros), but it is completely erroneous to say that it's a
vulnerability in Linux, for two reasons: 1) The applications that
were exploited are in use on non-Linux systems (and will be equally
exposed), and 2) many Linux-systems doesn't use these applications at
all.
Last edited by newbie2; February 10th, 2011 at 05:54 PM.
Posting Permissions
Adv Reply
Bookmarks