lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 13 Dec 2011 21:50:00 +0100
From: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com>
To: Dan Rosenberg <dan.j.rosenberg@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: vsFTPd remote code execution

good dan I will :>
btw pure-ftpd does not seem to be affected by the zoneinfo file load

Am 13. Dezember 2011 21:42 schrieb Dan Rosenberg <dan.j.rosenberg@...il.com>:
> On Tue, Dec 13, 2011 at 3:11 PM, HI-TECH .
> <isowarez.isowarez.isowarez@...glemail.com> wrote:
>> Yes you are somewhat right, as this is the old discussion about if
>> code execution inside an ftpd
>> is a vulnerability itself or only local code execution. I have the
>> opinion that an ftpd which does not allow to run code
>> should restrict the user so, and if there is a way to execute code it
>> it is a vulnerability.
>> Take the example of a vsftpd configured for anonymous ftp and write
>> access in /var/ftp. The attacker might
>> execute code using the vulnerability without authentication
>> credentials, or for example an attacker only has
>> access to a user account configured for ftp.
>> Basically you are right, vsftpd uses privsep so its a not so risky
>> vulnerability.
>>
>> /Kingcope
>
> I completely misread what you were asking about before.  You're
> exactly right, disregard my previous comment.
>
> -Dan
>
>>
>> Am 13. Dezember 2011 20:56 schrieb Dan Rosenberg <dan.j.rosenberg@...il.com>:
>>>> Anyone with an up2date linux local root which only makes use of syscalls? :>
>>>>
>>>
>>> This is all fun stuff, and definitely worth looking into further, but
>>> if you've got a local kernel exploit that you can trigger from inside
>>> vsftpd, you don't need this (potential) vulnerability in vsftpd - you
>>> already win.
>>>
>>> -Dan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ