secondary discovery
I'm not sure I follow. Are you saying that the dishonest researcher
will not try to find vulnerabilities if there is no reward program for
the honest ones?
He made a good example of a Slippery Slope.
--
Ramon de C Valle / Red Hat Product Security Team
More on exploiting glibc __tzfile_read integer overflow to buffer overflow and
vsftpd
http://rcvalle.com/post/14261796328/more-on-exploiting-glibc-tzfile-read-integer-overflow
--
Ramon de C Valle / Red Hat Security Response Team
___
Full-Disclosure
Exploiting glibc __tzfile_read integer overflow to buffer overflow and vsftpd
http://rcvalle.com/post/14169476482/exploiting-glibc-tzfile-read-integer-overflow-to
--
Ramon de C Valle / Red Hat Security Response Team
@@
printf(%c, p[i]);
/* data we overflow with */
-for (i = 0; i 5; i++)
+for (i = 0; i 50; i++)
printf(A);
}
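Review bot: the new bound of 50 in the loop under "data we overflow with" is a bare literal, and nothing in the hunk says why the count changed from 5. A named constant, or a one-line comment stating what length the test case requires, would let a reader check the value against the allocation size rather than take it on trust.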
--
Ramon de C Valle / Red Hat Security Response Team
#include <stdio.h>
#include <stdint.h>
#include <time.h>
#include <string.h>
?
Not really. Because, in fact, the user, when chrooted, is writing to
/home/user/usr/share/zoneinfo/. I've suggested a different file context for
/home/(.*)/usr/share/zoneinfo(/.*) in vsftpd policy module. But I don't think
this will be necessary due to the recent findings about vsftpd.
--
Ramon de C
or anyone know a way to potentially exploit this vulnerability?
Cheers!
Thanks,
[1] http://dividead.wordpress.com/tag/heap-overflow/
[2] https://security.appspot.com/vsftpd.html
[3] For example /usr/share/zoneinfo/UTC-01:00
/Kingcope
--
Ramon de C Valle / Red Hat Security Response Team
you fix this in SELinux policy?
Thanks,
--
Ramon de C Valle / Red Hat Security Response Team
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
mitigated this.
--
Ramon de C Valle / Red Hat Security Response Team
But how can I state that ftp has access to the users homedir and not
allow access to user_home_t?
This is a good question. Actually, we shouldn't allow ftpd_t to read the locale
files from within user_home_t directories. But now I'm not sure if this will be
possible.
--
Ramon de C Valle / Red
.
--
Ramon de C Valle / Red Hat Security Response Team
for /home/(.*)/usr/share/zoneinfo(/.*) in vsftpd
policy module would be a feasible solution? Will ftpd_t honour this when
creating new files?
--
Ramon de C Valle / Red Hat Security Response Team