Full Disclosure mailing list archives
VSFTPD Remote Heap Overrun (low severity)
From: "HI-TECH ." <isowarez.isowarez.isowarez () googlemail com>
Date: Sat, 3 Dec 2011 01:50:52 +0100
This is afaik a patched CVE in Linux glibc [1] which can be triggered through the very secure ftp daemon [2] so it will only work on older linux distros. Be aware that vsftpd has privilege seperation built in so this bug will not yield a root shell. It could yield root only in junction with a linux kernel vulnerability because the attacker will not be able to break the chroot without being root. This bug has a low severity because it's hard to exploit. Linux systems without patched glibc are vulnerable even if the latest version vsftpd-2.3.4 is installed. The bug is in the glibc timezone code. vsftpd loads timezone files from /usr [3]. If the attacker is inside a chroot he can easily create this directory and the timezone file and trigger the heap overrun. A Debugging Session illustrating the bug can be found on youtube: http://www.youtube.com/watch?v=KRCuozBM_dQ Cheers! [1] http://dividead.wordpress.com/tag/heap-overflow/ [2] https://security.appspot.com/vsftpd.html [3] For example /usr/share/zoneinfo/UTC-01:00 /Kingcope _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- VSFTPD Remote Heap Overrun (low severity) HI-TECH . (Dec 02)
- <Possible follow-ups>
- Re: VSFTPD Remote Heap Overrun (low severity) Ramon de C Valle (Dec 12)
- Message not available
- Fwd: VSFTPD Remote Heap Overrun (low severity) HI-TECH . (Dec 09)
- Re: Fwd: VSFTPD Remote Heap Overrun (low severity) GloW - XD (Dec 09)
- Re: Fwd: VSFTPD Remote Heap Overrun (low severity) GloW - XD (Dec 09)
- Message not available
- Re: VSFTPD Remote Heap Overrun (low severity) Ramon de C Valle (Dec 12)
- Fwd: VSFTPD Remote Heap Overrun (low severity) HI-TECH . (Dec 12)
- Re: Fwd: VSFTPD Remote Heap Overrun (low severity) Ramon de C Valle (Dec 12)
- Re: Fwd: VSFTPD Remote Heap Overrun (low severity) Daniel J Walsh (Dec 13)
- Re: Fwd: VSFTPD Remote Heap Overrun (low severity) Ramon de C Valle (Dec 12)
- Re: Fwd: VSFTPD Remote Heap Overrun (low severity) Daniel J Walsh (Dec 13)
- Fwd: VSFTPD Remote Heap Overrun (low severity) HI-TECH . (Dec 12)