Quote:
Originally Posted by John VV
then THAT VIDEO ( being a nicly hacked one calls curl to grab a file AS ROOT!!!!
now THAT IS VERY VERY BAD!!!!!
you just instilled a Trojan by playing a video AS ROOT
that is very BAD and you are a "Bleeped bleep" for doing it
Having your credit card stolen from the keyloger YOU LET BE INSTALLED is the least of your problems
|
You have such a good imagination.
And the guy probably thought of donwloading the file to be viewed locally and played it with VLC as root.
He also happens to be too unfortunate for having a vulnerable VLC version with vulnerable
blob-parsing libraries
- with vulnerable builds that the exploit despite being generic was luckily able to compromise his system.
He also happens to have a very outdated system not having any kind of kernel-level protection - even
commonly default ones like PaX/NX and ASLR.