[exploits] dkftpbench 0.45 (Platoon:init) Local buffer overflow vulnerability
Gadi Evron
ge at linuxbox.org
Tue Mar 20 05:05:16 CDT 2007
On Tue, 20 Mar 2007, Knud Erik Højgaard wrote:
> On 3/19/07, starcadi <starcadi at gmail.com> wrote:
> > aaah! because your security research is based only on "local root
> > vulns" or "local root exploits"? oh.. sorry i have different idea
> > about security.
>
> hubba hubba, my idea on security is based around privilege escalation,
> unauthorized remote access and stuff like that. We can even use the
> CIA model [1] if you want - perhaps your findings are just beyond my
> grasp, but I fail to see how this affects anyone in any significant
> way.
It is not for us to ask how a vulnerability can be exploited, but rather
if it is there.
Three years from now or 7 years ago, another vulnerability potentially
becomes critical due to a combination with this one. Plus, how are we to
tell this bug won't one day be used to assist a full compromise? Even
memory leaks can be treated as important due to the potential of what
others can do WITH them to get something else.
As to your "remote or nothing" approach, a local vulnerability will often
be just what you need after a close-to-useless remote one. Together they
are the attack.
Gadi.
> [1] http://en.wikipedia.org/wiki/CIA_triad
> --
> _______________________________________________
> exploits mailing list - in honour of rootshell
> Send an exploit: exploits at whitestar.linuxbox.org
> http://whitestar.linuxbox.org/mailman/listinfo/exploits
>
More information about the exploits
mailing list