LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-03-2004, 09:57 PM   #1
Whiskers
Member
 
Registered: Jan 2004
Location: Lacey, WA
Distribution: SUSE 9.2
Posts: 102

Rep: Reputation: 15
Virus prevention, in particular the jpg exploit


I've been reading the new jpg exploit and wondering what I can do to protect my system. Even if my machine would be affected, my guess is that its a windows only virus? so I could in theory have in infection and not know it, and thus it could transfer to the windows boxes on the netwrok via samba shares. So what can i do to protect my system from getting infected with virus, both windows and linux viruses?

and just my 2 cents, if they would stop posting these exploits there wouldnt be as many viruses to exploit them!!
 
Old 10-03-2004, 10:07 PM   #2
320mb
Senior Member
 
Registered: Nov 2002
Location: pikes peak
Distribution: Slackware, LFS
Posts: 2,577

Rep: Reputation: 48
Re: Virus prevention, in particular the jpg exploit

Quote:
Originally posted by Whiskers
So what can i do to protect my system from getting infected with virus, both windows and linux viruses?
Turn OFF all active scripting in windows
Quote:
if they would stop posting these exploits there wouldnt be as many viruses to exploit them!!
NO, if M$ would stop putting out Lousy coded programs, then there would be nothing to exploit!!
 
Old 10-03-2004, 10:10 PM   #3
m00t00
Member
 
Registered: Sep 2004
Distribution: Slackware 10, Gentoo
Posts: 292

Rep: Reputation: 30
Security through obscurity does _not_ work. If people stopped posting exploits, only a smaller crowd would have them, true (mabye), but the damage would be bad, quite easily worse, for the simple fact that if the vendor doesnt know about it, they cant fix it.
 
Old 10-04-2004, 11:12 AM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,415

Rep: Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785Reputation: 2785
Mozilla anf Firefox have recent patches to fix this. eg Firefox is now 1.0.1
 
Old 10-04-2004, 12:53 PM   #5
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
i don't believe the linux jpeg libs have this vulnerability do they?
 
Old 10-04-2004, 08:09 PM   #6
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
no, linux isn't affected by this flaw...

the new firefox preview is simply that: a new firefox preview...
 
Old 10-05-2004, 01:15 AM   #7
RandomLinuxNewb
Member
 
Registered: Oct 2003
Distribution: Slackware
Posts: 101

Rep: Reputation: 15
I read that libjpg was updated recently for some buffer overflows so it's not just windows. Buffer Overflows are found in ALL code not just windows.
 
Old 10-05-2004, 02:31 AM   #8
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally posted by RandomLinuxNewb
I read that libjpg was updated recently for some buffer overflows so it's not just windows. Buffer Overflows are found in ALL code not just windows.
you are confused with the libpng issue we had a while back... that one did affect libpng-using applications on any operating system...

but this current exploit affects only windows products... it's a bug in microsoft's Graphic Device Interface (GDI)...

Quote:
This is --not-- the fault of the JPEG standard, and the JPEG committee has --no-- responsibility for either the problem or its suggested solutions. In view of the serious nature of this problem however, we recommend that all users of Microsoft products read the above notices and take appropriate action.
http://www.jpeg.org/newsrel10.html
 
Old 10-05-2004, 05:21 AM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
by the way, it looks like the firefox preview release patch was for an unrelated and non-critical issue:

http://www.theinquirer.net/?article=18882


Last edited by win32sux; 10-05-2004 at 05:24 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache XSS prevention abhijeetudas Linux - Security 5 03-22-2005 04:37 PM
renaming all JPG to jpg quickk Linux - Newbie 8 09-05-2004 02:23 AM
Boot virus or Anti-Virus? AVG Free Anti-Virus Software problems SparceMatrix Linux - Security 9 08-02-2004 03:35 PM
Email spamming prevention m_sree Linux - Security 4 01-16-2003 09:54 AM
X Window Autostart Prevention Stephanie Linux - General 4 05-12-2001 02:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration