naifINET.IT

• Next message: Iván Arce: "[CORE SDI ADVISORY] Cisco IOS HTTP server DoS"
• Previous message: Olle Segerdahl: "Advisory def-2000-02: Cisco Catalyst remote command execution"
• In reply to: Kris Kennaway: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Next in thread: Casper Dik: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Reply: Fabio Pietrosanti (naif): "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ops,
i could read only file that start with "#" as in the advisor ;))

Tested against also a Slackware 3.0 = Vulnerable .

naif

On Wed, 25 Oct 2000, Kris Kennaway wrote:

> On Wed, Oct 25, 2000 at 12:30:47PM +0200, Fabio Pietrosanti (naif) wrote:
> > Tested also on:
> >
> > FreeBSD 3.3 = Vulnerable
> > FreeBSD 2.2.8 = Vulnerable
>
> Are you sure? Our testing indicates that you can't read an arbitrary
> file, it must conform to cron syntax - basically meaning either all
> lines commented out with a #, or an actual cron job file.
>
> I don't have access to a 2.x machine to test (and in fact the 2.2.x
> series has not been officially supported for some time), but I believe
> 3.5-RELEASE has the above properties I describe.
>
> Kris
>
>

• Next message: Iván Arce: "[CORE SDI ADVISORY] Cisco IOS HTTP server DoS"
• Previous message: Olle Segerdahl: "Advisory def-2000-02: Cisco Catalyst remote command execution"
• In reply to: Kris Kennaway: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Next in thread: Casper Dik: "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Reply: Fabio Pietrosanti (naif): "Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]