Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic li nk
From: Ann Cantelow <cantelow () ATLAS CSD NET>
Date: Sat, 4 Nov 2000 11:26:58 -0700

We found Dec/Compaq unpatched 4.0d vulnerable, but it was pointed out to
us that 4.0d with recommended patches is not vulnerable.  4.0g is not
vulnerable in our test, and we've been told 4.0f is not vulnerable.

Ann Cantelow

On Fri, 3 Nov 2000 perrycnd () WELLSFARGO COM wrote:

Tested on HP10.20 - vulnerable
      Solaris 2.5.1 - not vulnerable
      Dec 4.0d - not vulnerable

perrycnd () wellsfargo com

File : /usr/bin/crontab


           Tested in HP-UX 11.00


There is a vulneribility in "crontab" which allows users to read all files

without attaining root or file ownership privileges.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]