Jump to content

Pair Of Linux Holes Put Users At Risk

Recommended Posts




"Linux users are at risk from serious security vulnerabilities in components used to view graphics and handle archives, according to researchers. The security holes, found in the imlib graphics library and the LHA archive tool, can be exploited via a specially crafted bitmap image or an LHarc-format archive to take over a Linux system. "

Link to post
Share on other sites

It just goes to show that any system can have holes.



"The bug was first identified late last month"

"The GNOME graphical user interface project this week released a patch for imlib, a basic library used in many image-viewing applications."


"The first could take effect if a user were tricked into extracting or testing a specially crafted archive. The second can only be exploited if a user were tricked into passing a specially crafted command line to the lha command. In the third, an attacker could create a directory with special characters in its name, which could lead to the execution of malicious commands."


I remember having folks using the Vax Cluster at the college where I worked try the new Logo compiler... it had turtle graphics and all! Of course, Logo was an acceptable shortcut for "Logoff" and that's just what it did.


It's good for everyone to know that if you do something stupid then bad things will happen and that no system is perfect. It's pretty cool that Open Source stuff seems to have a quicker repair time than MS's proprietary secret-squirrel stuff does. :ph34r:

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...