On Wed, Oct 18, 2006 at 02:11:24AM +0100, paddy wrote: > > NB: although some are saying this is a local root exploit only, the > > bulletin points out it can be exploited by visiting a malicious > > webpage. > > I've not scrutinised the claims closely, but it looks like a remote > vulnerability to me :-( The original(?) announcement of the vulnerability, http://download2.rapid7.com/r7-0025/ , states that the problem can be exploited as a DoS remotely via e.g. a specially crafted web page (an example of which they've graciously provided). However, as I read it, it sounds like you can only run arbitrary code if you are actually accessing the X server directly via a client. While this client can be local or remote, nobody is going to allow unauthenticated remote clients to access their X server, so this might not be so bad... Presumably this is because it's not practical or feasable to provide the actual shell code you want to jump to if you're only controlling an HTML document. If you're controlling the actual X client, it might be more reasonable. Of course, this may allow an attacker to leverage one of the many Firefox exploits to run code as root... Naturally, I could be wrong. noah
Attachment:
signature.asc
Description: Digital signature