In the article, Adam shows that it is possible to get a remote shell if someone using the guest Ubuntu session does not practice safe surfing techniques. He also explains that even if remote access is gained the account really is locked down pretty well. Adam is a great guy, extremely knowledgeable about Ubuntu, and his article (and blog) are well worth your time.
Check it out:
Lately there has been a lot of hullabaloo about the Ubuntu Guest Account seen in Oneiric, though it’s been around for a while the feature has become much more visible. As such it has a lot of people having bad flashbacks from the Windows NT series Guest account. An interesting article written by Dan Dieterle at Cyber Arms addresses some of those concerns, and makes a valid point regarding a Social Engineering attack or some form of remote browser exploit.
The article warns users that a guest user could become the victim of a social engineering attack that leads to remote compromise, also scary is the fact that Firefox 7.0.1 POC exploit code has recently been released into the public that allows for remote compromise of the browser. What we’re going to explore here is, in the event this happens. What protections do this account offer, and is it in fact a security liability. The Guest Session account in case you do not know, does not require a password to access. For this discussion we will be using the Social Engineering Toolkit Java Applet vector that was discussed in Dan’s article, though it’s important to know a remote shell is a remote shell. For the “victim” machine we will have a fully patched Ubuntu 11.10 install , with a default configuration of UFW enabled. I’m not going to bother with AV for two reasons. One AV on Linux sucks (particularly the free products) and two our shell will never hit the hard drive so there is really nothing for AV to find here.