Bugtraq mailing list archives

Re: vixie cron possible local root compromise

From: "Blake R. Swopes" <bhodi () BIGFOOT COM>
Date: Mon, 12 Feb 2001 15:46:20 -0800

Considering what overflows the buffer (your username), it would seem that
you'd need root access to begin with in order to craft an exploit. Am I
wrong?

Of course, maybe this could be some exotic new addition to a rootkit.

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Flatline
Sent: Saturday, February 10, 2001 3:38 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: vixie cron possible local root compromise

- Introduction:

Paul Vixie's crontab version 3.0.1-56 contains another buffer overflow
vulnerability.
I'm not sure whether it's exploitable or not, it needs to be
fixed however.

Current thread:

vixie cron possible local root compromise Flatline (Feb 12)
- Re: vixie cron possible local root compromise Blake R. Swopes (Feb 12)
  - Re: vixie cron possible local root compromise Robert Varga (Feb 14)
    - Re: vixie cron possible local root compromise Arthur Clune (Feb 15)
    - Re: vixie cron possible local root compromise Peter W (Feb 15)
    - Re: vixie cron possible local root compromise Flavio Veloso (Feb 16)
    - Re: vixie cron possible local root compromise Mate Wierdl (Feb 15)
- Re: vixie cron possible local root compromise Peter van Dijk (Feb 12)
- Re: vixie cron possible local root compromise Valentin Nechayev (Feb 12)
- Re: vixie cron possible local root compromise gabriel rosenkoetter (Feb 13)
  - Re: vixie cron possible local root compromise Rodrigo Barbosa (aka morcego) (Feb 13)
    - (CORRECTION) Re: vixie cron possible local root compromise Rodrigo Barbosa (aka morcego) (Feb 14)

(Thread continues...)