[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Free Show | Home]

Zero-Days Hitting Fedora and Ubuntu Open Desktops To a World of Hurt

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.
  1. Home
  2. /g/ - Technology
  3. Zero-Days Hitting Fedora and Ubuntu Open Desktops To a World of Hurt
Thread replies: 9
Thread images: 1

Anonymous
Zero-Days Hitting Fedora and Ubuntu Open Desktops To a World of Hurt 2016-12-16 01:59:40 Post No. 58027711
[Report] Image search: [Google]
File: pOC62wM.jpg (65KB, 600x600px) Image search: [Google]
pOC62wM.jpg
65KB, 600x600px
Zero-Days Hitting Fedora and Ubuntu Open Desktops To a World of Hurt Anonymous 2016-12-16 01:59:40 Post No. 58027711 [Report]
It's the year of the Linux desktop getting pwned. Chris Evans (not the red white and blue one) has released a number of linux zero day exploits, the most recent of which employs specially crafted audio files to compromise linux desktop machines. Ars Technica reports: "'I like to prove that vulnerabilities are not just theoretical -- that they are actually exploitable to cause real problems,' Evans told Ars when explaining why he developed -- and released -- an exploit for fully patched systems. 'Unfortunately, there's still the occasional vulnerability disclosure that is met with skepticism about exploitability. I'm helping to stamp that out.' Like Evans' previous Linux zero-day, the proof-of-concept attacks released Tuesday exploit a memory-corruption vulnerability closely tied to GStreamer, a media framework that by default ships with many mainstream Linux distributions. This time, the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles. The two audio files are encoded in the SPC music format used in the Super Nintendo Entertainment System console from the 1990s. Both take aim at a heap overflow bug contained in code that emulates the console's Sony SPC700 processor. By changing the .spc extension to .flac and .mp3, GSteamer and Game Music Emu automatically open them."

http://arstechnica.com/security/2016/12/fedora-and-ubuntu-0days-show-that-hacking-desktop-linux-is-now-a-thing/
>>
Anonymous 2016-12-16 02:03:50 Post No.58027754
[Report]
Anonymous 2016-12-16 02:03:50 Post No.58027754 [Report]
>>58027711
Fucking normies popularized Ubuntu and now it's biting back.
Who would bother with that crap 5-8 years ago?
Nobody.
>>
愛してるさわこ (ID: !BE/4wes0mE) 2016-12-16 02:10:07 Post No.58027803
[Report]
愛してるさわこ (ID: !BE/4wes0mE) 2016-12-16 02:10:07 Post No.58027803 [Report]
libgme is unmaintained and most distributions don't even have it in tree.

Nobody is vulnerable to this attack.
>>
Anonymous 2016-12-16 02:17:07 Post No.58027864
[Report]
Anonymous 2016-12-16 02:17:07 Post No.58027864 [Report]
>>58027803
a media framework that by default ships with many mainstream Linux distributions.
>>
愛してるさわこ (ID: !BE/4wes0mE) 2016-12-16 02:19:51 Post No.58027891
[Report]
愛してるさわこ (ID: !BE/4wes0mE) 2016-12-16 02:19:51 Post No.58027891 [Report]
>>58027864
Except it doesn't.

Not even news.

Neither Firefox nor Chrome is vulnerable.
>>
Anonymous 2016-12-16 02:20:45 Post No.58027904
[Report]
Anonymous 2016-12-16 02:20:45 Post No.58027904 [Report]
>>58027864
That's what he claims, where's the proof.
>>
愛してるさわこ (ID: !BE/4wes0mE) 2016-12-16 02:22:09 Post No.58027915
[Report]
愛してるさわこ (ID: !BE/4wes0mE) 2016-12-16 02:22:09 Post No.58027915 [Report]
>>58027904
Its vulnerable if you are using gstreamer with webkit and some obscure super old gstreamer library that nobody has installed.
>>
Anonymous 2016-12-16 02:24:11 Post No.58027932
[Report]
Anonymous 2016-12-16 02:24:11 Post No.58027932 [Report]
>>58027711
These are not Linux 0days btw

What the article is describing is basically the same as tricking people to open a .pdf or .docx full of malware

No OS will ever be protect idiots from harming themselves by clicking on fishy email attachments, period.
>>
Anonymous 2016-12-16 02:28:03 Post No.58027978
[Report]
Anonymous 2016-12-16 02:28:03 Post No.58027978 [Report]
>>58027711
>the exploit takes aim at a flaw in a software library alternately known as Game Music Emu and libgme, which is used to emulate music from game consoles
The sort of people who would handle this kind of files deserve to be pwned
Thread posts: 9
Thread images: 1
[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/


If you need a post removed click on it's [Report] button and follow the instruction.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com.
If you like this website please support us by donating with Bitcoins at 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
All trademarks and copyrights on this page are owned by their respective parties.
Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.
If you need information for a Poster - contact them.