[svlug] Restricting privileges

Rick Moen rick at svlug.org
Thu Jan 15 19:40:44 PST 2015


Ivan Sergio Borgonovo wrote:

> So even for this year ffox is in front of Chrom* in the remote code
> execution competition ;) Nostalgia.

That depends, in part, on how much Google's 2013 fork of WebKit ('Blink')
has in common with Apple WebKit (which codebase was in turn a fork of KDE's
kHTML engine).  Quoting from https://lwn.net/Articles/628842/:


webkitgtk: multiple vulnerabilities

Package(s): webkitgtk

CVE #(s): CVE-2014-1344 CVE-2014-1384 CVE-2014-1385 CVE-2014-1386
CVE-2014-1387 CVE-2014-1388 CVE-2014-1389 CVE-2014-1390

Created: January 12, 2015

Description: From the CVE entries:

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in
APPLE-SA-2014-05-21-1. (CVE-2014-1344)

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in HT6367.
(CVE-2014-1384)

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in HT6367.
(CVE-2014-1385)

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in HT6367.
(CVE-2014-1386)

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in HT6367.
(CVE-2014-1387)

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in HT6367.
(CVE-2014-1388)

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in HT6367.
(CVE-2014-1389)

WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, allows
remote attackers to execute arbitrary code or cause a denial of service
(memory corruption and application crash) via a crafted web site, a
different vulnerability than other WebKit CVEs listed in HT6367.
(CVE-2014-1390)

Alerts:  Fedora	FEDORA-2015-0500	webkitgtk	2015-01-11
         Fedora	FEDORA-2015-0500	webkitgtk3	2015-01-11


(I don't know what in Fedora presently uses Apple-derived
webkitgtk/webkitgtk3, but there you have it.  As to whether Blink is
equally affected, I really have no idea, but it might be, given strong
common code history.)

As a slight correction, none of the several recent Mozilla CVEs have any
known exploit, only (as is so often the case) speculation that they could
eventually be used to develop one.
