Re: [Full-disclosure] We're now paying up to $20,000 for web vulns in our services

2012-04-24 Thread Ramon de C Valle
me a weapon for the dishonest > > "researcher" through secondary discovery > > I'm not sure I follow. Are you saying that the dishonest researcher > will not try to find vulnerabilities if there is no reward program > for > the honest ones? He made a good example of a Slip

[Full-disclosure] More on exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd

2011-12-15 Thread Ramon de C Valle
More on exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd http://rcvalle.com/post/14261796328/more-on-exploiting-glibc-tzfile-read-integer-overflow -- Ramon de C Valle / Red Hat Security Response Team ___ Full-Disclosure

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-13 Thread Ramon de C Valle
nt findings about vsftpd. -- Ramon de C Valle / Red Hat Security Response Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] vsFTPd remote code execution

2011-12-13 Thread Ramon de C Valle
tzh_charcnt, evil2); p = (char *)&evil; @@ -68,6 +68,6 @@ printf("%c", p[i]); /* data we overflow with */ -for (i = 0; i < 5; i++) + for (i = 0; i < 50; i++) printf("A"); } -- Ramon de

[Full-disclosure] Exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd

2011-12-13 Thread Ramon de C Valle
Exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd http://rcvalle.com/post/14169476482/exploiting-glibc-tzfile-read-integer-overflow-to -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
if this will be possible. A different file context for /home/(.*)/usr/share/zoneinfo(/.*) in vsftpd policy module would be a feasible solution? Will ftpd_t honour this when creating new files? -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
es. Transitions are defined per domain in SELinux policy. For additional information, refer to: http://danwalsh.livejournal.com/23944.html > > We're lucky nobody has looked into what should happen on an > MLS-enabled system :) I don't think sensitivity levels would make any

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
lease nuke the request". Exactly. Thanks for putting this into more concise wording. > > -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
> But how can I state that ftp has access to the users homedir and not > allow access to user_home_t? This is a good question. Actually, we shouldn't allow ftpd_t read the locale files from within user_home_t directories. But now I'm not sure if this will be possible. --

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
"usr_t" directories with "locale_t" type should have completely mitigated this. -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
t type (i.e. user_home_t, in this case), which if don't allow would have completely mitigated this issue. Dan, could you fix this in SELinux policy? Thanks, -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
tOS, Fedora, or RHEL? I'm copying Dan Walsh so he can comment on this. > > Regards, Thanks for forwarding my message to the list. It seems that my Red Hat email address has not yet been approved. John, can you approve this email address please? -- Ramon de C Valle / Red Hat Securit

Re: [Full-disclosure] VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
from __tzfile_read frees our controlled previously allocated chunk. Do you or anyone know a way to potentially exploit this vulnerability? > > Cheers! Thanks, > >[1] http://dividead.wordpress.com/tag/heap-overflow/ >[2] https://security.appspot.com/vsftpd.html >[3] For exam