Home page logo

bugtraq logo Bugtraq mailing list archives

Re: vixie cron...
From: Michal Zalewski <lcamtuf () TPI PL>
Date: Fri, 17 Nov 2000 18:12:13 +0100

In order to summarize the responses I've received:


- Debian 2.2 is vulnerable; this exploit might need slight
  modifications in order to work properly (eg. /var/spool/cron/crontabs,
  which is 0755 as well, has to be used instead of /var/spool/cron)

- systems where vixie-cron has been installed manually seems to be
  vulnerable (this will include Solaris etc - but this exploit
  won't work or will require some modifications); well, general
  conditions are: o+x on /var/spool/cron and setuid vixie crontab.

- I still have no informations about other non RH-derived distributions
  and other systems shipping vixie-cron, but I would suspect at least
  part of them (if you have something to add, feel free to mail me),

Not vulnerable:

- most of RedHat-derived systems are not vulnerable (this includes
  Mandrake, Cobalt Linux and *probably* Corel Linux); Trustix is
  not vulnerable,

- Slackware is not using vixie-cron, of course (but have dangerous
  permissions, if you have replaced default cron with vixie, expect

- FreeBSD seems to be not vulnerable (other permissions).

That's it for now. I would like to thanks all the people who replied to my
mail - Dmitry Alyabyev, Mariusz Woloszyn, Ethan Benson, Oystein Viggen,
Szilveszter Adam, dbaseiv, Simple Nomad and Daniel Jacobowitz :)

Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]