Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: New Adobe Flash and PDF exploit, How does it effect me?

  1. #1
    Join Date
    Jan 2009
    Location
    Taft, Republic of California. UTC -8
    Posts
    1,340

    Default New Adobe Flash and PDF exploit, How does it effect me?

    New Adobe Flash Bug Being Exploited | threatpost

    So as a Linux user how can my computer be compromised by these active exploits. I don't want to sound dumb but I really don't know. I don't use Acroread I use Ocular but my wife does on her 11.1 box but we both use Flashplayer quit a bit. Can I be rooted by these kinds of exploits or not?

  2. #2
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,941
    Blog Entries
    4

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    In the worst case you have to assume that any program that has a hole will give the attacker access as the user of the program. Which means that it could delete your files, steal your mail contacts, anything you could do as yourself. You can work out the ramifications of that and understand why people in these forums advise to minimise the time spent logged in as root.

    Flashplayer is probably the more critical one since one is never quite sure who provided a video at any of those sharing sites. But you could also get hit from a PDF document if it has been uploaded by an attacker.

    I really hate how sloppy Adobe is. There must have been about one patch per month or so for a long time.

  3. #3
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    16,407
    Blog Entries
    14

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    Still trying to work out how nsunday.exe ~temp.bat and nsunday.dll will work on my system....?
    contagio: CVE-2010-3654 Adobe Flash player zero day vulnerability
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  4. #4
    Join Date
    Jan 2009
    Location
    Taft, Republic of California. UTC -8
    Posts
    1,340

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    Quote Originally Posted by malcolmlewis View Post
    Still trying to work out how nsunday.exe ~temp.bat and nsunday.dll will work on my system....?
    contagio: CVE-2010-3654 Adobe Flash player zero day vulnerability
    No kidding.

  5. #5
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,941
    Blog Entries
    4

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    Quote Originally Posted by malcolmlewis View Post
    Still trying to work out how nsunday.exe ~temp.bat and nsunday.dll will work on my system....?
    contagio: CVE-2010-3654 Adobe Flash player zero day vulnerability
    Perhaps you would like the attacker to upload nsunday, temp.sh and nsunday.so?

  6. #6
    Join Date
    Jul 2009
    Location
    Calgary Alberta Canada
    Posts
    1,188

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    Quote Originally Posted by malcolmlewis View Post
    Still trying to work out how nsunday.exe ~temp.bat and nsunday.dll will work on my system....?
    contagio: CVE-2010-3654 Adobe Flash player zero day vulnerability
    They mention MAC OS/X, Linux, Solaris, UNIX but their target does indeed stipulate .exe .dll .com .bat which in the *nix world the .bat holds the only danger unless the *nix is running Windows in a virtualbox as Root! and with virtualbox given system wide access. When I was playing a flashplayer file about a month back, I did see adobe trying to load and run .dll's under Linux but all that happened was an entry in /var/log about failed attempt to access the Cwindows\system32\xxx.dll and a warning in adobe about pluggin could not be loaded some features may not be available.

    IMHO .bat which are scripts of a sort are the only real threat to Linux but if using virtualbox, all are of concern.
    When your up to your a** in Alligators it's pretty hard to remember you intended to drain the swamp (author unknown)

  7. #7
    Join Date
    Jul 2008
    Location
    Bellevue, WA
    Posts
    14,383

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    On Fri, 29 Oct 2010 03:06:02 +0000, techwiz03 wrote:

    > IMHO .bat which are scripts of a sort are the only real threat to Linux
    > but if using virtualbox, all are of concern.


    Virtualbox, VMware, WINE, QEMU - pretty much all those options would be a
    concern, not just VB.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  8. #8

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    I have been wanting to start a rant about Adobe for a while now.

    Is there a way to do .flv in Firefox in any other way but Flush or Shocknave?
    Their plugin is absolute garbage. I've never seen such poor performance from a single piece of software.
    Does it have to be 14MB? What does it do that VLC doesn't? Why can't we use VLC plugin to handle these blotchy, choppy, ugly, poorly compressed web vids?
    I guess VLC just doesn't do blotchy, choppy, ugly, poorly compressed. OH WELL.
    Adobe has, possibly illegally, cornered the market on blotchy, choppy, ugly, poorly compressed web vids and I'm pissed.
    You should be too.
    Where's the 64b version? I tried it and It don't work. HA, losers. That's right I just called you Adobe losers losers. Cause you ARE. All the money in the world and this is all you can come up with?
    You don't seem to putter around when it comes to getting OVERPRICED software licenses out to the gullible masses.
    Because of GIMP and Blender and Okular I DON'T NEED YOU.
    AT ALL. NEVER FOR ANYTHING.
    EXCEPT FLASH PLAYER.
    AND IT RUNS LIKE ****.
    ****!

  9. #9

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    Sorry, I went off topic.
    I just started a new thread for this in Soapbox. It is more comfy there.

    P.S. Love the forums here.

    Thanks

  10. #10
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,941
    Blog Entries
    4

    Default Re: New Adobe Flash and PDF exploit, How does it effect me?

    Quote Originally Posted by techwiz03 View Post
    They mention MAC OS/X, Linux, Solaris, UNIX but their target does indeed stipulate .exe .dll .com .bat which in the *nix world the .bat holds the only danger unless the *nix is running Windows in a virtualbox as Root! and with virtualbox given system wide access. When I was playing a flashplayer file about a month back, I did see adobe trying to load and run .dll's under Linux but all that happened was an entry in /var/log about failed attempt to access the Cwindows\system32\xxx.dll and a warning in adobe about pluggin could not be loaded some features may not be available.

    IMHO .bat which are scripts of a sort are the only real threat to Linux but if using virtualbox, all are of concern.
    The issue is really whether the attacker can inject attacker specified code and get it to execute. The extensions of the file are not an indication that Linux is safe. It may be that an example exploit was created only for Windows.

    Of course there may be other barriers on Linux to getting exploit code to execute, but any potential to run exploit code, whatever the name of the file, is of concern.

    All good distros take Flashplayer vulnerabilities seriously and you will surely see updated packages soon.

    Not only is Adobe's code quality of concern but the fact that they have a near monopoly on this niche is an issue. I'd like to see HTML5 video take over some share of the market and diversify it.

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •