On Wed, 03 May 2006 13:51:04 +0100, Roy Schestowitz wrote:
> ,----[ Quote ]
>| THE US DEPARTMENT of Homeland Security has flagged a critical
>| vulnerability in Unix and Linux OSX operating systems.
> Yes, it's true, but just as in the recent (x)Ubuntu 5.x case, this was
> *immediately* patched and could only ever be exploited by a local user.
> Compare that to Windows where Administrator password recovery is rather
> trivial, given physical access to the machine. SuSE and even Palm O/S have
> similar workarounds, so merely none makes the exception.

So, you compare a remotely exploitable hole with a physical security breach
(which you can do just as easily on Linux). Nice.

What? Remotely exploitable? Yes. It's true that the X server has to be
running on the local machine, but if YOU are running X locally, then
someone remotely can exploit you in conjunction with some other flaw that
allows arbitrary code as the local user.

Let's take, oh, the recent Firefox flaw. Suppose you browse to a rogue
site that exploits the Firefox flaw to run arbitrary code (They call it a
DoS vulnerability, but there are people that think it could be used to
execute arbitrary code). This code can then use the X vulnerability to gain
root access because that code executes locally as you, and since X is
required to run Firefox on *n*x, it's a nearly guaranteed exploit if
they're not patched.

This is why even local root exploits are dangerous, even though people like
yourself try to play them down as irrelevant.