Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Vixie cron vulnerability
From: Michal Zalewski <lcamtuf () COREDUMP CX>
Date: Tue, 8 May 2001 11:30:55 -0400

On Mon, 7 May 2001, Cade Cairns wrote:

Attached is a simple proof of concept for the vixie cron vulnerability
recently published in Debian Security Advisory DSA-054-1. The code was
written during SIA analysis of this vulnerability.

Hm, there is my original proof-of-concept I coded for Sebastian Krahmer
(who discovered this vulnerability), while working on it. This
vulnerability affects Debian, SuSE, and probably few other Linuxes as
well. It is a perfect example of bad coding, and how improper fixing of
bugs might lead to even more dangerous conditions. It is fully automated,
and I believe it gives absolutely nothing to the attacker, as this
vulnerability can be exploited by hand in approximately 5 seconds ;)

Michal Zalewski

Attachment: corntab

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]