[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOSRhRNDmScC3aS9g40gaMEaLWnJxydfzt7vbf0B-ZS6-_9quQ@mail.gmail.com>
Date: Tue, 13 Dec 2011 15:42:43 -0500
From: Dan Rosenberg <dan.j.rosenberg@...il.com>
To: "HI-TECH ." <isowarez.isowarez.isowarez@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: vsFTPd remote code execution
On Tue, Dec 13, 2011 at 3:11 PM, HI-TECH .
<isowarez.isowarez.isowarez@...glemail.com> wrote:
> Yes you are somewhat right, as this is the old discussion about if
> code execution inside an ftpd
> is a vulnerability itself or only local code execution. I have the
> opinion that an ftpd which does not allow to run code
> should restrict the user so, and if there is a way to execute code it
> it is a vulnerability.
> Take the example of a vsftpd configured for anonymous ftp and write
> access in /var/ftp. The attacker might
> execute code using the vulnerability without authentication
> credentials, or for example an attacker only has
> access to a user account configured for ftp.
> Basically you are right, vsftpd uses privsep so its a not so risky
> vulnerability.
>
> /Kingcope
I completely misread what you were asking about before. You're
exactly right, disregard my previous comment.
-Dan
>
> Am 13. Dezember 2011 20:56 schrieb Dan Rosenberg <dan.j.rosenberg@...il.com>:
>>> Anyone with an up2date linux local root which only makes use of syscalls? :>
>>>
>>
>> This is all fun stuff, and definitely worth looking into further, but
>> if you've got a local kernel exploit that you can trigger from inside
>> vsftpd, you don't need this (potential) vulnerability in vsftpd - you
>> already win.
>>
>> -Dan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists