Linux and Technology blog

October 17, 2006

Buffer Overflow in NVIDIA Binary Graphics Driver For Linux

Filed under: Driver, Hacking — rakeshvk @ 5:20 pm

The NVIDIA Binary Graphics Driver for Linux is vulnerable to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client which visits a malicious web page).
A working proof-of-concept root exploit is included with this advisory.

The NVIDIA drivers for Solaris and FreeBSD are also likely to be vulnerable.

click here to access the exploit code

October 16, 2006

Google Code Search peers into programs’ flaws

Filed under: Hacking, Software — rakeshvk @ 5:13 pm

Want to know which programs have security issues that need to be fixed? Using Google Code Search, finding likely candidates is a snap.

Security professionals warned developers on Thursday that they need to be aware that their open-source repositories can now be easily mined, allowing attackers to target programs that are likely to be flawed. While Google could previously be used to look for specific strings, now the search engine riffles through code that much better.

“It is going deeper into places where code is publicly available, and it’s clearly picking up stuff really well,” said Chris Wysopal, chief technology officer of security startup Veracode. “This makes it easier and faster for attackers to find vulnerabilities–not for people that want to attack a (specific) Web site, but for people that want to attack any Web site.”

Read the full article

August 4, 2006

Hacking SUSE Linux Enterprise Desktop 10

Filed under: Hacking, Linux — rakeshvk @ 10:02 am

Novell’s SUSE Linux Enterprise Desktop (SLED) 10 is a decent business desktop operating system as-is. However, it does not appropriately meet the needs of a large portion of business professionals. Additionally, a great many regular consumers have been enchanted by SLED 10’s ease of use and high degree of stability, but are disappointed with the home desktop software selection. This guide will show you how to install or upgrade the Java Development Kit, install software from the SUSE Linux 10.1 package repositories, and enable DVD movie playback in SLED 10.

A warning

Following most of the directions in this guide will alter your operating system in ways that are not supported by Novell. This article will show you how to modify SLED 10, and force it to depart from the standard configuration. All of these hacks have been tested and are believed to do no harm to your software; there are always possibilities, though. >>>>

August 3, 2006

Centrino holed by Wi-Fi flaws

Filed under: Driver, Hacking — rakeshvk @ 6:27 pm

The bugs could allow Wi-Fi-based attacks or even wireless-enabled worms

Intel has issued patches for flaws in its Centrino device drivers and ProSet management software that affect the security of the wireless products.

 

Three flaws are addressed with the updates. One could allow an attacker to break into a PC via Wi-Fi or even create a worm that jumps from one wireless-enabled laptop to another, provided the computers are within each other’s range. Another security hole makes the system vulnerable to attacks that let a malicious user gain additional privileges, according to security experts at Sans Internet Storm Center and F-Secure. >>>>

How to launch Windows binaries on Linux directly

Filed under: Hacking, Linux, Software — rakeshvk @ 6:12 pm

Although I rarely run Windows these days, it seems I can’t break the habit of using one or two Windows applications instead of their open source equivalents. However, instead of having a full-blown Windows desktop, I prefer to run these programs on my GNU/Linux system with Wine. The problem is that I’m tired of having to enter cd ~/.wine/drive_c/Program\ Files\My\ Windows\ App; wine My\ Windows\ App.exe every time I want to launch one of these programs. Having shell scripts for each program is not a great solution either. Wouldn’t it be better to simply run My\ Windows\ App.exe directly on an XTerm? Fortunately the Linux kernel already lets you do that with a feature called binfmt_misc.

If you run your distribution’s stock kernel, chances are this feature is already available. If it’s not, or you prefer to build your own kernels, make sure to select CONFIG_BINFMT_MISC (Executable file formats -> Kernel support for MISC binaries) either built-in or as a module. In the latter case, make sure that the binfmt_misc module is auto-loaded during boot (on Debian and its derivatives run echo binfmt_misc >> /etc/modules). Mount bifmt_misc with the command mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc, or copy the following line to your /etc/fstab to have it mounted automatically on each boot: >>>>

Create a free website or blog at WordPress.com.