Goatse Security

Gaping Holes Exposed

Compiz vulnerability


Goatse Security has had a lot of fun pointing out the devastating flaws in Apple’s shit-tastic software, but now it’s time to turn to the beloved mascot of the sweaty man-child open source community: Linux.

Linux weenies will often brag about how insecure Windows is compared to Linux. They’ll also argue that Linux is hard to take down with any sort of exploit. Well, it turns out that’s not quite true. Here’s a simple, step-by-step guide to owning the most popular Linux distribution out there today:

  1. Open a long URL beginning with “apt://” in a browser that handles the apt:// protocol.
  2. Er…
  3. That’s it.

Hope you weren’t doing anything important with that X session.

This bug is delightfully trivial to deploy. Just write a normal HTML page containing an iframe that takes a 10000 character apt:// URL as its source. Trick a Debian dickhead into opening it and the bug will take out Compiz, crashing your X session with a cryptic “Unexpected X error: BadAlloc (insufficient resources for operation) serial 1779 error_code 11 request_code 53 minor_code 0)” error. And at no extra cost, we’re also throwing in GNOME theme rendering breakage, which forces you to log out and log back in to get your buttons back!
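Seen from the defending side, the trigger described above can be spotted before a page ever reaches a browser. The following is an added example, not part of the original post: a Python scanner that flags apt: URLs in HTML attributes when they are overlong or not a plausible package list. The 128-character cap, the attribute list and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_APT_URL_LEN = 128  # assumed cap; a real package list is far shorter
URL_ATTRS = {"src", "href", "data", "action"}  # assumed set of URL-bearing attributes
# Debian package-name syntax: lowercase alphanumeric start, then alnum or + - .
PKG_RE = re.compile(r"^[a-z0-9][a-z0-9+.\-]+$")


def check_apt_url(url):
    """Return reasons to reject an apt: URL; an empty list means acceptable."""
    reasons = []
    if len(url) > MAX_APT_URL_LEN:
        reasons.append("too long (%d chars)" % len(url))
    try:
        parts = urlsplit(url)
    except ValueError:
        return reasons + ["unparseable"]
    # Assumed forms: apt:pkg and apt://pkg, so join netloc and path
    body = (parts.netloc + parts.path).strip("/")
    for pkg in body.split(","):
        if not PKG_RE.match(pkg):
            reasons.append("bad package name %r" % pkg[:20])
            break
    return reasons


class AptUrlScanner(HTMLParser):
    """Collects (tag, attribute, reasons) for every suspicious apt: URL."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and value.strip().lower().startswith("apt:"):
                reasons = check_apt_url(value.strip())
                if reasons:
                    self.findings.append((tag, name, reasons))


def scan_html(html):
    scanner = AptUrlScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: one ordinary apt link, one overlong framed apt URL
SAMPLE = '<a href="apt://compiz">x</a><iframe src="apt://' + "a" * 300 + '"></iframe>'
```

The same `check_apt_url` function can sit in front of whatever program is registered as the apt: protocol handler, so an oversized URL is refused before it reaches any GUI code.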

The following Linux distributions are affected by this vulnerability:

  • Alinex
  • BLAG Linux and GNU
  • CentOS
  • ClearOS
  • Debian
  • DeMuDi
  • Feather Linux
  • Fedora
  • Foresight Linux
  • gnuLinEx
  • gNewSense
  • Kaella
  • Knoppix
  • Linspire
  • Linux Mint
  • Musix GNU/Linux
  • Parsix
  • Red Hat Enterprise Linux
  • Scientific Linux
  • SUSE Linux Enterprise Desktop
  • Ubuntu
  • Ututo

This exploit could never have been uncovered without the help of many highly skilled greyhats. I’d like to give shoutouts to incog, Murdox, sloth, vxp, mith, lulzsec, arab, Leon Kaiser, afed, GNAA, jax, Bantown, Sam Hovercar, 37signals, afed_, The Greater Association of PHP Programmers, goudatr0n, Rufas the earthworm, hepkitten, Girlvinyl, D8, EFNet #politics, DJ FUCK DA PARENTZ, Tory Jarmain, djb, my cat, my other cat, mao & amat, jwz, esr (but not rms), #stress, Lee Vartron, kayla, trelane, krashed, bikcmp, David J. Moore, Justin D. May, bittwist, DolemitE, Craig G. Mueller, sam, Christian Schlore, mith, 808chan, xyz, LeeB, Alex Pilosov, lec, Randi Harper and her aborted baby, Shaniqua, acidburn, Lord Nikon, Mikey Mattice, The Cereal Killer, The Phantom Phreak, DiKKy Heartiez, Adrian Lamo, BLACK_MAN, lysol, wispurs, vap0r, LiteralKa, #arab, Matthew Gore (str8sucker704), Richard Johannes III, and the good people at paedophilewatch.org who work tirelessly to keep our children safe online. Many eyes make even the deepest bug shallow!
