A second remote hole for OpenBSD
Posted Mar 15, 2007 3:52 UTC (Thu) by tetromino
In reply to: A second remote hole for OpenBSD
Parent article: A second remote hole for OpenBSD
IMHO, you have misinterpreted the advisories.
http://secunia.com/advisories/13232/ refers to the first part of the advisory (note the ), which is a true remote exploit:
"Stefan Esser has reported multiple vulnerabilities within the smb filesystem (smbfs) implementation that are caused due to various types of errors when handling server responses.
Successful exploitation requires that a malicious person has control over a smb server or is able to intercept and manipulate traffic."
The "local users" refers to the second part of the advisory (the unix_dgram_recvmsg() issue). For some reason, Secunia's summary blurb only describes the second part. Go figure.
"A signedness error in the "bluez_sock_create()" function when creating bluetooth sockets can potentially be exploited to gain root privileges on a vulnerable system."
If I'm reading this right, a malicious user can take over a server by crafting malicious bluetooth packets; in other words, that's a remote root. (Remember, bluetooth devices can be very long-range: http://www.smallnetbuilder.com/content/view/24256/98/)