Bugtraq: Re: Root shell vixie cron exploit

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Root shell vixie cron exploit

From: gvs () RINET RU (Seva Gluschenko)
Date: Wed, 1 Sep 1999 21:08:55 +0400


Message from Michal Zalewski at Jul 5 14:20 in parts:

 MZ> For script kiddiez, here's an exploit for recent vixie-cron vulnerability,
 MZ> giving instant root shell. Thought it will help script kiddies, but as
 MZ> Martin Schulze included almost step-by-step guide how to abuse Sendmail
 MZ> flags, this exploit won't bring anything shocking - simply, it's working
 MZ> example.

man sendmail:
/-C
...skipping...
        -Cfile  Use alternate configuration file.  Sendmail refuses to run
                as root if an alternate configuration file is specified.

and it does, for sure %-).

Just tested this on different versions of FreeBSD and had no effects
except Mail Delivery message:

The following address has permanent fatal errors:
-C/tmp/vixie-cf gvs

So, sendmail _really_ refuses to accept -C key when run as root

SY, Seva Gluschenko, just stranger at the Road. | http://gvs.rinet.ru/
Cronyx Plus / RiNet network administrator.      | GVS-RIPE | GVS3-RIPN

By Date By Thread

Current thread:

Root shell vixie cron exploit Michal Zalewski (Jul 05)
- Re: Root shell vixie cron exploit Seva Gluschenko (Sep 01)
  - Re: Root shell vixie cron exploit Michal Zalewski (Sep 01)
  - Re: Root shell vixie cron exploit John Kennedy (Sep 03)
    - Re: Root shell vixie cron exploit Peter Wemm (Sep 07)
    - Re: Root shell vixie cron exploit Raymond Dijkxhoorn (Sep 07)
  - Re: Root shell vixie cron exploit Christos Zoulas (Sep 03)