Bugtraq: Re: crontab from vixie-cron allows read other users crontabs

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: crontab from vixie-cron allows read other users crontabs

From: Gadi Evron <ge () linuxbox org>
Date: Thu, 07 Apr 2005 00:24:44 +0400

Karol Więsek wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Name:                   vixie-cron


[snip]

Details:

Insufficient checks allows user to change during edition regular file to
symbolic link to any file. While copying crontab uses root permisions,
but also checks entrys, so attacker is only able to read properly
formated crontab files (another users crontabs).


[snip]

It should be noted that this is redhat specific, not in "vixie-cron".

*sniff*

        Gadi.

By Date By Thread

Current thread:

crontab from vixie-cron allows read other users crontabs Karol Więsek (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs Richard Moore (Apr 06)
- Re: crontab from vixie-cron allows read other users crontabs David Malone (Apr 07)
- Re: crontab from vixie-cron allows read other users crontabs Gadi Evron (Apr 07)