[Novalug] vulnerability in linux?

David A. Cafaro dac@cafaro.net
Thu Oct 3 12:11:39 EDT 2013


Well, not exactly, "local attacker" can mean your web browser, your
email client, your IM client, any application that connects to the
internet that can be hacked.  Once that application is hacked, it
becomes a "local attacker" running unknown code which tries to gain
additional privileges.

So that "local attacker" is actually the guy sitting in a coffee shop in
Rome sipping his coffee as he checks out what access your web browser
just granted him on your desktop.  No bedroom required.

Cheers,
David

On 10/03/2013 12:06 PM, Ed James wrote:
> Ayup - one refers to a "local attacker", which for a home user, implies that
> the attacker is in my bedroom.  In which case, he's the one with the
> problem.
> The other one refers to hacking a web server, which most home users
> don't have (ISPs are nasty that way).  I agree that it's an escalation
> issue.
> Somehow, I'm having a hard time getting concerned about these particular
> vulns.  I *am* impressed with those who can figure out such stuff (white or
> black hat) and somewhat impressed with those who resolve the issues.
> 
> Ed James
> 
> 
> On Thu, Oct 3, 2013 at 11:35 AM, Chuck Frain <linux@chuckfrain.net
> <mailto:linux@chuckfrain.net>> wrote:
> 
>     ...
>     Both of the vulns, from my quick look, reported in that article are
>     local escalation issues. So an attacker would first have to gain shell
>     access to your machine before being able to escalate to root privlidges.
>     ...
> 
> 
> 
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
> 



More information about the Novalug mailing list