|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: vixie cron...
From: Dmitry Alyabyev (dimitry
AL.ORG.UA)Date: Fri Nov 17 2000 - 03:30:04 CST
- Next message: Steve Fallin: "Re: Possible WatchGuard Firebox II DoS"
- Previous message: Michal Zalewski: "Re: vixie cron..."
- In reply to: Michal Zalewski: "vixie cron..."
- Reply: Dmitry Alyabyev: "Re: vixie cron..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi
Friday, November 17, 2000, 6:41:32 AM, Michal wrote:
> Attached shell-script exploits fopen() + preserved umask vulnerability in
> Paul Vixie's cron code. It will work on systems where /var/spool/cron is
> user-readable (eg. 0755) - AFAIR Debian does so. RedHat (at least 6.1 and
> previous) have mode 0700 on /var/spool/cron, and thus it isn't exploitable
> in its default configuration... (ahmm, but this does NOT mean it is a
> problem of o+rx bits, but of insecure umask() and fopen() calls).
> I have no information about other distributions or systems - this exploit
> should automagically detect if you are vulnerable or not (checking
> /var/spool/cron, looking for Paul Vixie's crontab, etc). Please report
> your findings to me and/or to BUGTRAQ.
Slackware 7.0 is not exploitable (not vixie's cron)
Mandrake 7.0 is not exploitable (on the reason of permissions on /var/spool/cron)
-- Dimitry
- Next message: Steve Fallin: "Re: Possible WatchGuard Firebox II DoS"
- Previous message: Michal Zalewski: "Re: vixie cron..."
- In reply to: Michal Zalewski: "vixie cron..."
- Reply: Dmitry Alyabyev: "Re: vixie cron..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]