<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Re: crontab from vixie-cron allows read other users crontabs

Re: crontab from vixie-cron allows read other users crontabs

From: Richard Moore <rich_at_westpoint.ltd.uk>
Date: Wed, 06 Apr 2005 17:51:46 +0100

Karol Więsek wrote:
> but also checks entrys, so attacker is only able to read properly
> formated crontab files (another users crontabs).

It should be noted that files other than crontabs are valid
files as far as cron is concerned. This is because crontabs
may contain variable assignments and comments. This means
that it may be possible to read other configuration files
or scripts that confirm to the syntax used by cron.

Cheers

Rich.

-- 
Richard Moore, Principle Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031

Received on Apr 06 2005

This message: [ Message body ]
Next message: Larry Seltzer: "RE: Microsoft Explorer Denial of Service"
Previous message: John Cobb: "[NOBYTES.COM: #6] CubeCart 2.0.6 - Information Disclosure"
In reply to: Karol Więsek: "crontab from vixie-cron allows read other users crontabs"
Next in thread: David Malone: "Re: crontab from vixie-cron allows read other users crontabs"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]