Micah Gersten: I respect your judgement concerning whether this is a security 
bug or not, however I can see several ways an attacker can exploit this:
1. Using a MITM attack to replace, on the fly, the deb file to be downloaded 
from adobe.com with a specially prepared package as laid out here: 
http://securitytube.net/Ubuntu-Package-Backdoor-using-a-Metasploit-Payload-video.aspx
 or at http://www.offensive-security.com/metasploit-unleashed/ under "Client 
Sides Exploits" and "Binary Linux Trojans"

This attack can be avoided by downloading from the official
repositories, since this would verify the signature of the package and
therefore not allow an attacker to replace or inject code into it.

2. Adobe Flash has a long history of security vulnerabilities, and as
with any software it is essential that whenever a new advisory is
published that affected systems get patched as soon as possible. This
does not happen on a computer with Windows, since users most often
download the software in question manually. This will be the same
situation for a user of Linux if she/he installs software manually
without any means of automatic updates.

-- 
Firefox 3.5 Plugin Finder Service in Ubuntu Karmic 9.10 displays "No suitable 
plugins were found" for flash
https://bugs.launchpad.net/bugs/440987
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
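
An added example, not part of the original message and not apt's own code: a sketch of the hash check that ties a downloaded .deb to the repository's Packages index, which is what point 1 relies on. It assumes the signature on the Release/InRelease file covering that index has already been verified; the package name, index stanza and byte strings are constructed.

```python
import hashlib

def parse_packages(index_text):
    """Parse a Debian Packages index into {(package, version): fields}."""
    entries = {}
    for stanza in index_text.strip().split("\n\n"):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation of previous field
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if "Package" in fields and "Version" in fields:
            entries[(fields["Package"], fields["Version"])] = fields
    return entries

def verify_deb(deb_bytes, package, version, entries):
    """Return (ok, reason) for a downloaded .deb checked against the trusted index."""
    meta = entries.get((package, version))
    if meta is None:
        return False, "not listed in index"
    if "SHA256" not in meta or "Size" not in meta:
        return False, "index entry lacks Size/SHA256"
    if len(deb_bytes) != int(meta["Size"]):
        return False, "size mismatch"
    if hashlib.sha256(deb_bytes).hexdigest() != meta["SHA256"].lower():
        return False, "SHA256 mismatch"
    return True, "ok"

# Constructed sample data: a stand-in "package" and the index stanza describing it.
GENUINE_DEB = b"!<arch>\nconstructed stand-in for a genuine package\n"
# Same length as the genuine bytes, so only the hash check can catch the swap.
TAMPERED_DEB = GENUINE_DEB.replace(b"genuine", b"trojan!")
SAMPLE_INDEX = (
    "Package: example-plugin\n"
    "Version: 1.0-1\n"
    "Filename: pool/e/example-plugin_1.0-1_i386.deb\n"
    f"Size: {len(GENUINE_DEB)}\n"
    f"SHA256: {hashlib.sha256(GENUINE_DEB).hexdigest()}\n"
)
ENTRIES = parse_packages(SAMPLE_INDEX)

if __name__ == "__main__":
    print(verify_deb(GENUINE_DEB, "example-plugin", "1.0-1", ENTRIES))
    print(verify_deb(TAMPERED_DEB, "example-plugin", "1.0-1", ENTRIES))
```

A file fetched manually from a vendor site has no such index entry to be compared against, so a substituted file goes unnoticed unless the user checks it by other means.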
