Bugtraq mailing list archives
Re: Vixie Crontab exploit code
From: rjp () BROWSER ORG (rjp () BROWSER ORG)
Date: Tue, 7 Sep 1999 07:15:29 +0100
In message <19990902004829.A2579 () ohhara postech ac kr>, Taeho Oh writes:
# Tested redhat linux : 4.2, 5.0, 5.1, 6.0
# Tested vixie crontab version : 3.0.1
Tried this on a non-hardened SuSE 6.1 with cron 3.0.1 with no result.

The script didn't change the DefaultUser for sendmail to start with because SuSE doesn't use numeric ids in its sendmail.cf. I also fixed the script so that the user-created sendmail.cf actually had DefaultUser=0:0 (I think this was just a typo -- /tmp/sendmail.cf gets created with DefaultUser=0:0 but then is overwritten with the value from /etc/sendmail.cf.)

Even with those two fixes, I still just get a shell owned by my uid/gid.

--
rob partington % rjp () browser org % http://lynx.browser.org/