[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] vsFTPd remote code execution
- To: Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx>
- Subject: Re: [Full-disclosure] vsFTPd remote code execution
- From: "HI-TECH ." <isowarez.isowarez.isowarez@xxxxxxxxxxxxxx>
- Date: Tue, 13 Dec 2011 21:11:25 +0100
Yes you are somewhat right, as this is the old discussion about if
code execution inside an ftpd
is a vulnerability itself or only local code execution. I have the
opinion that an ftpd which does not allow to run code
should restrict the user so, and if there is a way to execute code it
it is a vulnerability.
Take the example of a vsftpd configured for anonymous ftp and write
access in /var/ftp. The attacker might
execute code using the vulnerability without authentication
credentials, or for example an attacker only has
access to a user account configured for ftp.
Basically you are right, vsftpd uses privsep so its a not so risky
vulnerability.
/Kingcope
Am 13. Dezember 2011 20:56 schrieb Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx>:
>> Anyone with an up2date linux local root which only makes use of syscalls? :>
>>
>
> This is all fun stuff, and definitely worth looking into further, but
> if you've got a local kernel exploit that you can trigger from inside
> vsftpd, you don't need this (potential) vulnerability in vsftpd - you
> already win.
>
> -Dan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/