Clamav

Patrick O'Callaghan pocallaghan at gmail.com
Sat Apr 17 14:14:38 UTC 2010


On Sat, 2010-04-17 at 00:41 -0700, jdow wrote:
> > Which of the vulnerabilities discussed on the kernel list is
> > communicable via an email message in such a way as to compromise the
> > security of the target system without manual intervention on the part of
> > its user? Please be specific.
> 
> Here is a non-LKML reference with a full explanation of the problem:
> Some background:
> http://blog.ksplice.com/2010/03/null-pointers-part-i/
> How to exploit it:
> http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
> 
> The exploit can be delivered through email and introduced into the
> machine via targeted social engineering. If you can be tricked into
> allowing it to run, you're toast. ANY means of getting into the
> machine and having code execute is sufficient to allow the exploit
> to run within the kernel at kernel privilege.

Did I say that Linux had no vulnerabilities? No. Did I say it could
never be crashed or taken over from a console session? No. I asked for
an example of a security bug exploitable via email with no manual
intervention (other than downloading the mail of course). You produce a
kernel bug which before it was fixed would have required the user to
manually run a downloaded program. (Note by the way that if the user
fetched the exploit via a web page or ftp session, i.e. via a slightly
different social engineering vector, ClamAV would not have intervened.)

In other words, you don't have an answer to the question I actually
asked, so you produce an answer to a different question which no-one
asked and is outside the scope of the OP's initial query. 

Discussions of Linux security are useful and IMHO well within the scope
of this mailing list, but they aren't the subject of this thread. Feel
free to start a different thread if you wish.

poc


