Good Dan, I will :> btw pure-ftpd does not seem to be affected by the zoneinfo file load

On 13 December 2011 21:42, Dan Rosenberg <[email protected]> wrote:
> On Tue, Dec 13, 2011 at 3:11 PM, HI-TECH .
> <[email protected]> wrote:
>> Yes you are somewhat right, as this is the old discussion about if
>> code execution inside an ftpd
>> is a vulnerability itself or only local code execution. I have the
>> opinion that an ftpd which does not allow to run code
>> should restrict the user so, and if there is a way to execute code
>> it is a vulnerability.
>> Take the example of a vsftpd configured for anonymous ftp and write
>> access in /var/ftp. The attacker might
>> execute code using the vulnerability without authentication
>> credentials, or for example an attacker only has
>> access to a user account configured for ftp.
>> Basically you are right, vsftpd uses privsep so it's a not so risky
>> vulnerability.
>>
>> /Kingcope
>
> I completely misread what you were asking about before. You're
> exactly right, disregard my previous comment.
>
> -Dan
>
>>
>> On 13 December 2011 20:56, Dan Rosenberg <[email protected]> wrote:
>>>> Anyone with an up2date linux local root which only makes use of syscalls?
>>>> :>
>>>>
>>>
>>> This is all fun stuff, and definitely worth looking into further, but
>>> if you've got a local kernel exploit that you can trigger from inside
>>> vsftpd, you don't need this (potential) vulnerability in vsftpd - you
>>> already win.
>>>
>>> -Dan

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
