On Sat, 2010-04-17 at 00:41 -0700, jdow wrote:
> > Which of the vulnerabilities discussed on the kernel list is
> > communicable via an email message in such a way as to compromise the
> > security of the target system without manual intervention on the part of
> > its user? Please be specific.
>
> Here is a non-LKML reference with a full explanation of the problem:
> Some background:
> http://blog.ksplice.com/2010/03/null-pointers-part-i/
> How to exploit it:
> http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
>
> The exploit can be delivered through email and introduced into the
> machine via targeted social engineering. If you can be tricked into
> allowing it to run, you're toast. ANY means of getting into the
> machine and having code execute is sufficient to allow the exploit
> to run within the kernel at kernel privilege.

Did I say that Linux had no vulnerabilities? No. Did I say it could never be crashed or taken over from a console session? No. I asked for an example of a security bug exploitable via email with no manual intervention (other than downloading the mail of course).

You produce a kernel bug which before it was fixed would have required the user to manually run a downloaded program. (Note by the way that if the user fetched the exploit via a web page or ftp session, i.e. via a slightly different social engineering vector, ClamAV would not have intervened.)

In other words, you don't have an answer to the question I actually asked, so you produce an answer to a different question which no-one asked and is outside the scope of the OP's initial query.

Discussions of Linux security are useful and IMHO well within the scope of this mailing list, but they aren't the subject of this thread. Feel free to start a different thread if you wish.

poc