Bugtraq: Re: vixie cron possible local root compromise

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: vixie cron possible local root compromise

From: "Blake R. Swopes" <bhodi () BIGFOOT COM>
Date: Mon, 12 Feb 2001 15:46:20 -0800

Considering what overflows the buffer (your username), it would seem that
you'd need root access to begin with in order to craft an exploit. Am I
wrong?

Of course, maybe this could be some exotic new addition to a rootkit.

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Flatline
Sent: Saturday, February 10, 2001 3:38 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: vixie cron possible local root compromise

- Introduction:

Paul Vixie's crontab version 3.0.1-56 contains another buffer overflow
vulnerability.
I'm not sure whether it's exploitable or not, it needs to be
fixed however.

By Date By Thread

Current thread:

vixie cron possible local root compromise Flatline (Feb 12)
- Re: vixie cron possible local root compromise Blake R. Swopes (Feb 12)
  - Re: vixie cron possible local root compromise Robert Varga (Feb 14)
    - Re: vixie cron possible local root compromise Arthur Clune (Feb 15)
    - Re: vixie cron possible local root compromise Peter W (Feb 15)
    - Re: vixie cron possible local root compromise Flavio Veloso (Feb 16)
    - Re: vixie cron possible local root compromise Mate Wierdl (Feb 15)