On Tue, Dec 13, 2011 at 3:11 PM, HI-TECH . <[email protected]> wrote:
> Yes you are somewhat right, as this is the old discussion about if
> code execution inside an ftpd is a vulnerability itself or only
> local code execution. I have the opinion that an ftpd which does not
> allow to run code should restrict the user so, and if there is a way
> to execute code it is a vulnerability.
> Take the example of a vsftpd configured for anonymous ftp and write
> access in /var/ftp. The attacker might execute code using the
> vulnerability without authentication credentials, or for example an
> attacker only has access to a user account configured for ftp.
> Basically you are right, vsftpd uses privsep so it's a not so risky
> vulnerability.
>
> /Kingcope

I completely misread what you were asking about before. You're exactly right, disregard my previous comment.

-Dan

>
> On 13 December 2011 20:56, Dan Rosenberg <[email protected]> wrote:
>>> Anyone with an up2date linux local root which only makes use of syscalls? :>
>>>
>>
>> This is all fun stuff, and definitely worth looking into further, but
>> if you've got a local kernel exploit that you can trigger from inside
>> vsftpd, you don't need this (potential) vulnerability in vsftpd - you
>> already win.
>>
>> -Dan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
