Full Disclosure: Re: vsFTPd remote code execution

["HI-TECH ." <isowarez.isowarez.isowarez () googlemail com>]

good dan I will :>
btw pure-ftpd does not seem to be affected by the zoneinfo file load

Am 13. Dezember 2011 21:42 schrieb Dan Rosenberg <dan.j.rosenberg () gmail com>:
> On Tue, Dec 13, 2011 at 3:11 PM, HI-TECH .
> <isowarez.isowarez.isowarez () googlemail com> wrote:
> > Yes you are somewhat right, as this is the old discussion about if
> > code execution inside an ftpd
> > is a vulnerability itself or only local code execution. I have the
> > opinion that an ftpd which does not allow to run code
> > should restrict the user so, and if there is a way to execute code it
> > it is a vulnerability.
> > Take the example of a vsftpd configured for anonymous ftp and write
> > access in /var/ftp. The attacker might
> > execute code using the vulnerability without authentication
> > credentials, or for example an attacker only has
> > access to a user account configured for ftp.
> > Basically you are right, vsftpd uses privsep so its a not so risky
> > vulnerability.
> >
> > /Kingcope
> I completely misread what you were asking about before.  You're
> exactly right, disregard my previous comment.
>
> -Dan
>
> > Am 13. Dezember 2011 20:56 schrieb Dan Rosenberg <dan.j.rosenberg () gmail com>:
> > > > Anyone with an up2date linux local root which only makes use of syscalls? :>
> > > This is all fun stuff, and definitely worth looking into further, but
> > > if you've got a local kernel exploit that you can trigger from inside
> > > vsftpd, you don't need this (potential) vulnerability in vsftpd - you
> > > already win.
> > >
> > > -Dan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/