
Thread: What is the worst a browser exploit could do in Ubuntu?

  1. #1
    Join Date
    Mar 2012
    Beans
    143

    What is the worst a browser exploit could do in Ubuntu?

    Out of curiosity, let's say I visited a site that was designed to exploit Chrome. What is the worst it could do? Install a keylogger for example?

    Or would it basically be browser only?

  2. #2
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,783

    Re: What is the worst a browser exploit could do in Ubuntu?

    Theoretically, it can do anything that the logged in user can do.

    In practice, I haven't ever seen a successful browser exploit on Linux.

    However, I have had to clean a number of mismanaged Linux servers that were infested with spam sending engines. In all cases it was due to some asshats who thought that a four character root password was really super cool...

  3. #3
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: What is the worst a browser exploit could do in Ubuntu?

    The worst thing an exploit can do is cause the execution of commands you didn't intend to execute. But I wouldn't think it would lead to installation of a keylogger, because at that point the exploit developer could do basically anything, so there'd be no need for one.

    But as people are fond of saying, that usually doesn't happen. The economics of exploit development for criminal activity are such that it makes the most sense to go from exploit to malware installation, which is going to target Windows systems for the most part. It's not that it can't be done on Linux desktops, just that there's not much economic advantage or incentive in it.

    Most of the time the worst result will be that the application crashes.

  4. #4
    Join Date
    Mar 2011
    Beans
    701

    Re: What is the worst a browser exploit could do in Ubuntu?

    Chrome's a poor example, you can do very little with a compromised Chrome due to its sandbox. An attacker who exploits Chrome is very limited.

    If we talk about Firefox then it can do anything that the logged in user can do. It can keylog, write files to anywhere that your Firefox process can write them, read any files it can read, etc. Your attacker essentially "controls" Firefox's processes and it inherits those abilities.

  5. #5
    Join Date
    Nov 2012
    Beans
    27

    Re: What is the worst a browser exploit could do in Ubuntu?

    This scenario is hard to answer since it relies on so many different variables to give an answer in-depth. However, let us assume this is a default installation of Ubuntu being exploited.

    Scenario: You're surfing the Internet with your favorite browser and you stumble upon a malicious website that is compromising browsers with a shiny new zero-day.

    Cause: Assume the exploit has set the payload to download, compile and execute a bindshell. Now the bindshell is running with whatever account privileges the browser had when exploited. The attacker can now connect to you and further compromise your machine by escalating his/her privileges using whatever exploits he/she has access to.

    Prevention: Using secure AppArmor profiles (not the default ones) to mitigate the damage compromised software can do would have likely prevented this from happening.

    If you get creative, there is so much someone could do given your criteria. However, my given scenario would be the most common and most dangerous of them.

    Even if IPTables were set up to disallow all incoming connections except for related/established ones, you would still be vulnerable, because it would be trivial to modify the aforementioned program to connect to the attacker instead of waiting for a remote connection (a reverse shell). Therefore, you are literally establishing the connection to the attacker, and once he/she has completely compromised the machine by escalating his/her privileges, there is no limit to what they could do.
    Last edited by KaosuX; November 4th, 2012 at 12:41 AM.

  6. #6
    Join Date
    Jun 2012
    Beans
    301

    Re: What is the worst a browser exploit could do in Ubuntu?

    Quote Originally Posted by KaosuX View Post
    {snip}
    Prevention: Using secure AppArmor profiles (not the default ones) to mitigate the damage compromised software can do would have likely prevented this from happening.
    {snip /}
    Have you had a chance to review the Firefox profile provided by Jamie Strandboge of Canonical?

    It came with my system in a disabled condition; I enabled it and tested it in complain mode; I have it running in fail mode now.
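
An added example, not part of any post in this thread: a shell check that reports which of the states mentioned above (disabled, complain, enforcing) a profile is actually in. It assumes the kernel listing format of `/sys/kernel/security/apparmor/profiles` (`name (mode)`), Ubuntu's `/etc/apparmor.d/disable/` symlink convention, and the file name `usr.bin.firefox`; the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and the sample listing are assumptions.

# loaded_mode LISTING PREFIX: print the mode (enforce/complain) of the first
# loaded profile whose name starts with PREFIX; print nothing if none is loaded.
# LISTING has the format of /sys/kernel/security/apparmor/profiles:
#   <profile name> (<mode>)
loaded_mode() {
    awk -v n="$2" '
        { i = match($0, / \([a-z]+\)$/)
          if (i && index(substr($0, 1, i - 1), n) == 1) {
              print substr($0, i + 2, RLENGTH - 3); exit } }' "$1"
}

# profile_state LISTING CONFDIR FILE PREFIX: combine kernel state with the
# on-disk config. Ubuntu disables a profile with a symlink in CONFDIR/disable/.
profile_state() {
    mode=$(loaded_mode "$1" "$4")
    if [ -n "$mode" ]; then
        echo "$mode"                      # what the kernel is applying now
    elif [ -e "$2/disable/$3" ] || [ -L "$2/disable/$3" ]; then
        echo "disabled"                   # shipped but switched off
    elif [ -f "$2/$3" ]; then
        echo "not-loaded"                 # profile file exists, not in kernel
    else
        echo "missing"
    fi
}

# Demo on constructed data. Real use: LISTING=/sys/kernel/security/apparmor/profiles
# and CONFDIR=/etc/apparmor.d, with the listing read as root.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/conf/disable"
    : > "$d/conf/usr.bin.firefox"
    printf '%s\n' '/usr/sbin/cupsd (enforce)' \
        '/usr/lib/firefox/firefox{,*[^s][^h]} (complain)' > "$d/listing"
    profile_state "$d/listing" "$d/conf" usr.bin.firefox /usr/lib/firefox/firefox
    rm -rf "$d"
}
demo
```

A result of `complain` means violations are only logged, so the profile is not yet confining the browser.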

  7. #7
    Join Date
    Nov 2012
    Beans
    27

    Re: What is the worst a browser exploit could do in Ubuntu?

    Quote Originally Posted by mike acker View Post
    Have you had a chance to review the Firefox profile provided by Jamie Strandboge of Canonical?

    It came with my system in a disabled condition; I enabled it and tested it in complain mode; I have it running in fail mode now.
    I have not reviewed this profile. I have actually taken the time to carefully create my own profiles for all of the software that I use. However, I will do a quick Google search and take a look at the suggested profile. If I find anything that can be improved, I will happily send the changes to its maintainer.

  8. #8
    Join Date
    Jan 2008
    Location
    USA
    Beans
    971
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: What is the worst a browser exploit could do in Ubuntu?

    Basically an attacker would have the same access to the machine that the user does. He wouldn't have root unless he has a separate exploit that allows him to escalate (i.e. a flaw in the OS). This means, in order to get root, he would need a browser exploit and an OS exploit.

    But even without root, he can initiate connections to servers and make your machine a spam bot, etc.

    As was mentioned, the probability of this happening is low, especially with Google Chrome. It uses 2 separate sandboxes. While it's probably not "impossible" to break out of them (a la Pinkie Pie), it would be exceedingly difficult. You can give Firefox close to the same level of security with a strict AA profile.
    Occam's Razor for computers: Viruses must never be postulated without necessity -- nevius


  9. #9
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: What is the worst a browser exploit could do in Ubuntu?

    Quote Originally Posted by rookcifer View Post
    Basically an attacker would have the same access to the machine that the user does. He wouldn't have root unless he has a separate exploit that allows him to escalate (i.e. a flaw in the OS). This means, in order to get root, he would need a browser exploit and an OS exploit.

    But even without root, he can initiate connections to servers and make your machine a spam bot, etc.

    As was mentioned, the probability of this happening is low, especially with Google Chrome. It uses 2 separate sandboxes. While it's probably not "impossible" to break out of them (a la Pinkie Pie), it would be exceedingly difficult. You can give Firefox close to the same level of security with a strict AA profile.
    It is not necessary to do privilege escalation via a vulnerability in the Linux kernel. There are many ways to do privilege escalation. The easier way is via the sudoer.

    It is not necessary that there is any vulnerability in the browser itself. The vulnerability may be coming from the website, such as XSS.

    Samiux
    Last edited by samiux; November 5th, 2012 at 09:38 AM. Reason: fix typo

  10. #10
    Join Date
    Feb 2008
    Beans
    606
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: What is the worst a browser exploit could do in Ubuntu?

    Quote Originally Posted by OpSecShellshock View Post
    The worst thing an exploit can do is cause the execution of commands you didn't intend to execute.
    The worst thing a browser exploit can do is install an addon which captures all your banking passwords and sends them to some guy in Russia who steals all your money and uses it to retire to Hawaii. That solely needs access to your account as your user ID.

    I'm far more concerned about that scenario than someone using a second exploit to install a rootkit so they can use my Ubuntu box as a spam server. That's why I only log into my bank from a separate Linux box which isn't used for anything other than work and banking.
