Re: [Full-disclosure] We're now paying up to $20,000 for web vulns in our services

2012-04-24 Thread Ramon de C Valle
secondary discovery I'm not sure I follow. Are you saying that the dishonest researcher will not try to find vulnerabilities if there is no reward program for the honest ones? He made a good example of a Slippery Slope. -- Ramon de C Valle / Red Hat Product Security Team

[Full-disclosure] More on exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd

2011-12-15 Thread Ramon de C Valle
More on exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd http://rcvalle.com/post/14261796328/more-on-exploiting-glibc-tzfile-read-integer-overflow -- Ramon de C Valle / Red Hat Security Response Team ___ Full-Disclosure

[Full-disclosure] Exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd

2011-12-13 Thread Ramon de C Valle
Exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd http://rcvalle.com/post/14169476482/exploiting-glibc-tzfile-read-integer-overflow-to -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] vsFTPd remote code execution

2011-12-13 Thread Ramon de C Valle
@@ printf(%c, p[i]); /* data we overflow with */ -for (i = 0; i 5; i++) +for (i = 0; i 50; i++) printf(A); } -- Ramon de C Valle / Red Hat Security Response Team #include stdio.h #include stdint.h #include time.h #include string.h
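
Review bot: the loop bound in `for (i = 0; i 50; i++)` changes from 5 to 50 as a bare literal, and the only nearby comment, `/* data we overflow with */`, does not say what the count is sized against. Give the count a named constant with a comment stating what it is derived from, so a reader can tell whether 50 is a measured value or an arbitrary one.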

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-13 Thread Ramon de C Valle
? Not really. Because, in fact, the user, when chrooted, is writing to /home/user/usr/share/zoneinfo/. I've suggested a different file context for /home/(.*)/usr/share/zoneinfo(/.*) in vsftpd policy module. But I don't think this will be necessary due to the recent findings about vsftpd. -- Ramon de C

Re: [Full-disclosure] VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
or anyone know a way to potentially exploit this vulnerability? Cheers! Thanks, [1] http://dividead.wordpress.com/tag/heap-overflow/ [2] https://security.appspot.com/vsftpd.html [3] For example /usr/share/zoneinfo/UTC-01:00 /Kingcope -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
you fix this in SELinux policy? Thanks, -- Ramon de C Valle / Red Hat Security Response Team ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
mitigated this. -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
But how can I state that ftp has access to the users homedir and not allow access to user_home_t? This is a good question. Actually, we shouldn't allow ftpd_t to read the locale files from within user_home_t directories. But now I'm not sure if this will be possible. -- Ramon de C Valle / Red

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
. -- Ramon de C Valle / Red Hat Security Response Team

Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)

2011-12-12 Thread Ramon de C Valle
for /home/(.*)/usr/share/zoneinfo(/.*) in vsftpd policy module would be a feasible solution? Will ftpd_t honour this when creating new files? -- Ramon de C Valle / Red Hat Security Response Team