Bugtraq: Re: Root shell vixie cron exploit

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Root shell vixie cron exploit

From: christos () ZOULAS COM (Christos Zoulas)
Date: Fri, 3 Sep 1999 21:42:22 -0400


On Sep 1,  9:08pm, gvs () RINET RU (Seva Gluschenko) wrote:
-- Subject: Re: Root shell vixie cron exploit

| The following address has permanent fatal errors:
| -C/tmp/vixie-cf gvs
|
| So, sendmail _really_ refuses to accept -C key when run as root

You've reached the wrong conclusion. *BSD's cron uses -t and passes
recipients through stdin (which is TRT), instead of kluges to parse
MAILTO and ignore things that start with -.

christos

By Date By Thread

Current thread:

Re: Root shell vixie cron exploit, (continued)
- Re: Root shell vixie cron exploit Seva Gluschenko (Sep 01)
  - Re: Root shell vixie cron exploit Michal Zalewski (Sep 01)
  - Re: Root shell vixie cron exploit John Kennedy (Sep 03)
    - Re: Root shell vixie cron exploit Peter Wemm (Sep 07)
    - Re: Root shell vixie cron exploit Raymond Dijkxhoorn (Sep 07)
  - Re: Root shell vixie cron exploit Christos Zoulas (Sep 03)
  - [security-officer () FreeBSD ORG: FreeBSD-SA-99:01: BSD File Flags and Programming Techniques] Patrick Oonk (Sep 03)
  - Re: Root shell vixie cron exploit Valentin Nechayev (Sep 04)
  - gftp Oscar Haeger (Sep 05)
    - Re: gftp - ms ftp debug mode Bencsath Boldizsar (Sep 08)
    - fixing all buffer overflows --- random magin numbers Dr. Joel M. Hoffman (Sep 11)