Bugtraq mailing list archives
Re: vixie cron...
From: Dmitry Alyabyev <dimitry () al org ua>
Date: Fri, 17 Nov 2000 11:30:04 +0200
Hi

Friday, November 17, 2000, 6:41:32 AM, Michal wrote:

> Attached shell-script exploits fopen() + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable (e.g. 0755) - AFAIR Debian does so. RedHat (at least 6.1 and previous) have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its default configuration... (ahmm, but this does NOT mean it is a problem of o+rx bits, but of insecure umask() and fopen() calls).
>
> I have no information about other distributions or systems - this exploit should automagically detect if you are vulnerable or not (checking /var/spool/cron, looking for Paul Vixie's crontab, etc). Please report your findings to me and/or to BUGTRAQ.

Slackware 7.0 is not exploitable (not Vixie's cron)
Mandrake 7.0 is not exploitable (because of the permissions on /var/spool/cron)

--
Dimitry
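The "insecure umask() and fopen() calls" point from the quoted message, as an added example that is not part of the thread and is not cron's source: it shows in general how a file created with fopen() gets whatever permissions the inherited umask allows, next to a creation path that resets the umask and sets an explicit mode. The function names and the scratch file name are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an existing file, or -1 on error. */
static int file_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Weak pattern: fopen() asks for 0666 and only the inherited umask trims it. */
int mode_after_fopen(const char *path, mode_t inherited_umask)
{
    mode_t saved = umask(inherited_umask);  /* stand-in for the caller's umask */
    FILE *f;
    int mode;
    unlink(path);
    f = fopen(path, "w");
    umask(saved);
    if (f == NULL) return -1;
    fclose(f);
    mode = file_mode(path);
    unlink(path);
    return mode;
}

/* Hardened pattern: reset the umask, create exclusively with an explicit mode. */
int mode_after_safe_create(const char *path, mode_t inherited_umask)
{
    mode_t saved = umask(inherited_umask);
    int fd, mode;
    unlink(path);
    umask(077);                              /* never trust the inherited value */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    umask(saved);
    if (fd < 0) return -1;
    close(fd);
    mode = file_mode(path);
    unlink(path);
    return mode;
}

int main(void)
{
    printf("fopen, umask 000: %04o\n", mode_after_fopen("umask_demo.tmp", 0));
    printf("safe,  umask 000: %04o\n", mode_after_safe_create("umask_demo.tmp", 0));
    return 0;
}
```

With a permissive inherited umask the fopen() path leaves the file group- and world-writable, while the hardened path yields 0600 regardless of what the caller's umask was.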