|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Michal Zalewski (lcamtuf
COREDUMP.CX)Date: Tue May 08 2001 - 10:30:55 CDT
On Mon, 7 May 2001, Cade Cairns wrote:
> Attached is a simple proof of concept for the vixie cron vulnerability
> recently published in Debian Security Advisory DSA-054-1. The code was
> written during SIA analysis of this vulnerability.
Hm, there is my original proof-of-concept I coded for Sebastian Krahmer
(who discovered this vulnerability), while working on it. This
vulnerability affects Debian, SuSE, and probably few other Linuxes as
well. It is a perfect example of bad coding, and how improper fixing of
bugs might lead to even more dangerous conditions. It is fully automated,
and I believe it gives absolutely nothing to the attacker, as this
vulnerability can be exploited by hand in approximately 5 seconds ;)
Michal Zalewski
http://lcamtuf.coredump.cx
- TEXT/PLAIN attachment: corntab
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]