Re: Vixie cron vulnerability

[Kris Kennaway <kris () obsecurity org>]

On Tue, May 08, 2001 at 02:01:21PM -0700, Jay D. Dyson wrote:
> On Tue, 8 May 2001, Edwin Chiu wrote:
>
> > The exploit failed for:
> > Redhat 6.1
> >     vixie-cron-3.0.1-39
> > Redhat 6.2
> >     vixie-cron-3.0.1-40
>
>       *nod* I wrote to Cade directly regarding the advisory as it seems
> to me that the issue is more a matter of Debian's implementation of Vixie
> cron than an issue with Vixie cron itself.  I'm still futzing with it to
> see if any other implementations will squeal.  Fun and interesting results
> will be posted when found.  ;)

I think this is a Linux-specific "enhancement" to vixie cron; nothing
remotely similar to the affected code seems to be in the FreeBSD
version, and I thought we were using the most recent vendor version.

Kris

Attachment: _bin
Description: