Ipswitch Means Business

A while back I was fuzzing with Hzzp and found a remote format string vulnerability in Ipswitch’s WS_FTP. But, I couldn’t find a security contact for Ipswitch. I waited a few months and made the vulnerability public. The day afterwards, a representative from Ipswitch contacted me and I explained why I hadn’t contacted them previously. He was eager to get the vulnerability fixed and made the comment that they’ll need to do a better job publicizing the security contact information. I was happy to have had received a more professional, non-automated email from someone who seemed to care about the security of their company’s product.

I didn’t worry too much about the update process. I know it can take some companies months or even years to release new patches for vulnerabilities in their products, which most of the time is completely unreasonable. Then, a little more than two weeks later, I received an email from that same Ipswitch representative informing me that a new release of WS_FTP was available and the date in the Help->About window should say Sept 18th (10 days after we discussed the vulnerability). What an excellent example of how vendors should handle security issues within their products.

Fast response, efficient security policy, good business. Thanks Ipswitch!

Linux Kernel Bashing

This summer may have caused a few burden’s on linux administrators. By all the patching necessary to keep their systems out of the hands of those who would choose to exploit it, unless your using something like Ksplice, you’ve more than likely rebooted many times already. Well, here is one more reason to wake this early this morning…

New exploits for the “Linux NULL pointer dereference due to incorrect proto_ops initializations” vulnerability have been released, here and here. I just tried the second one out myself on a (currently) fully updated Ubuntu Jaunty workstation, with (_default_) successful results.

linux@ubuntu:~/2009-proto_ops$ sh run.sh
run.c: In function ‘main’:
run.c:13: warning: missing sentinel in function call
padlina z lublina!
# id
uid=0(root) gid=0(root) groups=4(adm),20(dialout),24(cdrom),46(plugdev)
# exit

A reliable local root exploit for that affects all linux kernels 2.x. Feels like 2003 all over again :X

Phrack #66 is out!

You can check it out here.

Now we have something to keep us busy while the net neutrality debates are going on…