Yes, you are somewhat right, as this is the old discussion about whether code execution inside an ftpd is a vulnerability itself or only local code execution. I have the opinion that an ftpd which does not allow running code should restrict the user so, and if there is a way to execute code, it is a vulnerability. Take the example of a vsftpd configured for anonymous ftp and write access in /var/ftp. The attacker might execute code using the vulnerability without authentication credentials, or for example an attacker only has access to a user account configured for ftp. Basically you are right, vsftpd uses privsep so it's a not so risky vulnerability.

/Kingcope

On 13 December 2011 20:56, Dan Rosenberg <[email protected]> wrote:
>> Anyone with an up2date linux local root which only makes use of syscalls? :>
>>
>
> This is all fun stuff, and definitely worth looking into further, but
> if you've got a local kernel exploit that you can trigger from inside
> vsftpd, you don't need this (potential) vulnerability in vsftpd - you
> already win.
>
> -Dan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
