[linux] flash::ziskanie kontroly nad systemom
Jan Kunder
jan.kunder na gmail.com
Sobota Září 23 16:21:56 CEST 2006
Ahoj.
Critical vulnerabilities have been identified in Flash Player 8.0.24.0
and earlier versions that could allow an attacker who successfully
exploits these vulnerabilities to take control of the affected system. A
malicious SWF file must be loaded in Flash Player by the end user for an
attacker to exploit these vulnerabilities.
http://www.adobe.com/support/security/bulletins/apsb06-11.html
http://www.itnews.sk/buxus_dev/generate_page.php?page_id=44081#forumtree
===
Chcem sa opytat, ci v takychto pripadoch ozaj moze ziskat utocnik
"kontrolu nad system"[[to take control of the affected system]] alebo
"len nad userom", t.z. moze napr. zmazat userdata, ale nevie
poskodit/zastavit/nainfikovat ... system.
V danom pripade to vyzera na WIN* aj *NIX. Lebo IMHO pod Linuxom
(dokonca aj WXP), ak bezim flash, FF a vsetko pod userom, tak by aj v
pripade takehoto utoku mal byt poskodeny "iba user" (ono niekedy tieto
data mozu byt dolezitejsie a drahsie ako obnova system, ale to je uz ina
debata).
[samozrejme, nebavime, ze aj kernel moze mat dieru//ci o utoku s
vyuzitim kombinacii 2 bugov (napr. flash+kernel)]
've a nice day!
JK
--
Ing. Jan Kunder
jan.kunder-HATESPAM-gmail.com
http://www.kunder.sk
JKjkjk rozpmnqestka
Další informace o konferenci linux