[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] ProFTPD Configuration Problem



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Markus Gaugusch wrote:
| Comparing the complexity of the kernel with a simple thing like an FTP
| daemon is not really what I call good argumentation ...

Ok, apache vs proftpd, or sendmail vs proftpd, or pptpd vs proftpd, or
mysql vs proftpd, or named vs proftpd?
Is that argumentation? :)


| Also, I can't remember any _remotely_ exploitable bug in kernel, which is
| again something different compared with an ftpd.
| Markus

Hmm, what you call "_remotely_" kernel bug?
You think, that do_brk() or memremap() not a remotely kernel  bug? You
wrong, unfortunately!
Apache + PHPBB(or other message board with bug's) + do_brk()   = voila,
_remotely_ and exploitable kernel bug!


- --
Boris B. Zhmurov
DialogueScience, Inc. Technical department.
40 Vavilova St., Moscow, 119991, Russia
Tel.: (+7-095) 137-0150, 135-6253
HTTP://www.antivir.ru FTP://ftp.antivir.ru
"wget http://bb.dials.ru/bb_public_key.pgp -O - | gpg --import"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAI3jJmEQixi5w37YRAjiaAJ4xQTqfQdzpNri7c6uB5FyO0txLHQCeK33O
hKkTcQDnOYkS/pcdh57WHOc=
=mTLS
-----END PGP SIGNATURE-----

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here