| |||||||||||||
A story of three kernel vulnerabilitiesA story of three kernel vulnerabilitiesPosted Feb 20, 2013 13:52 UTC (Wed) by Trou.fr (subscriber, #26289)In reply to: A story of three kernel vulnerabilities by renox Parent article: A story of three kernel vulnerabilities
well it's a "real" issue but it's nothing compared to others that have a wide security impact as in every script kiddie can pwn a webserver :
1) outdated CMS with remote code execution (mostly PHP) 2) easy execution of any executable 3) ready to use exploit that works reliably as unprivileged user
The HFS+ vuln is not exploitable in that case. While it can be used for "physical" attacks like the USB key, it is not usable remotely.
_Thousands_ of servers have been compromised with that scenario :
(Log in to post comments)
A story of three kernel vulnerabilities Posted Feb 20, 2013 16:24 UTC (Wed) by bfields (subscriber, #19510) [Link]
In the late eighties/early nineties I seem to recall infected floppy disks were the main (or at least a very common) vector for virus transmission.
If people don't exchange data on usb keys as much as they used to on floppies, perhaps that wouldn't be as effective these days.
A story of three kernel vulnerabilities Posted Feb 20, 2013 23:59 UTC (Wed) by andrel (subscriber, #5166) [Link]
Supposedly Stuxnet was transmitted using a USB key.
A story of three kernel vulnerabilities Posted Feb 21, 2013 11:55 UTC (Thu) by Trou.fr (subscriber, #26289) [Link]
Stuxnet used a vulnerability in the Windows shell (the so-called LNK vulnerability), not in the filesystem code.
As for floppies, viruses spread mostly by running infected executables, not using vulns.
|
|||||||||||||