[1679] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-alert] KSR[T] #005: Dillon crontab / crond

daemon@ATHENA.MIT.EDU (KSR\[T\])
Tue Dec 9 14:09:33 1997

Date: Tue, 9 Dec 1997 03:15:45 -0800 (PST)
From: "KSR\[T\]" <ksrt@dec.net>
To: BUGTRAQ@NETSPACE.ORG
Cc: linux-security@redhat.com
Resent-From: linux-alert@redhat.com
Reply-To: linux-alert@redhat.com

-----                                                     
KSR[T] Website : http://www.dec.net/ksrt
E-mail: ksrt@dec.net                                      
-----                

                                                          KSR[T] Advisory #005
                                                          Date:   Dec  6, 1997
                                                          ID #:   lin-dcrn-005 

Operating System(s): Slackware 3.4

Affected Program:    dillon crontab / crond ( dcron 2.2 )

Problem Description: The crond that comes with Slackware 3.4 contains
                     a locally exploitable buffer overflow.  When crond
                     attempts to run a particular cronjob, it will take
                     the user specified command line and copy it into
                     an automatic variable via vsprintf().  ( This is
                     done when the function RunJob() calls fdprintf(),
                     in job.c and subs.c respectively. )
               
                     A quick glance shows another potential overflow
                     in subs.c, involving the logging functions.  This
                     is also fixed in the patch below.

Compromise:          Users with an account on the machine can gain 
                     root access.

Patch/Fix:           We would like to thank Erik Schorr for prividing
                     us with this patch:

-- cut here --
 
Slackware 3.4 crond fix
 
/usr/sbin/crond is installed with the bin.tgz package in Slackware 3.4.  A
patched version of this package is available from the Slackware FTP site:
 
ftp://ftp.cdrom.com/pub/linux/slackware-3.4/slakware/a2/bin.tgz
 
The source and patch can also be found on the FTP site:
 
ftp://ftp.cdrom.com/pub/linux/slackware-3.4/source/a/bin/dcron22.tar.gz
ftp://ftp.cdrom.com/pub/linux/slackware-3.4/source/a/bin/dcron22.diff.gz
 
MD5 sums for the source, patch, and binary package follow:
 
a76744f19a9361cb5b5d93dcc2bf503f  bin.tgz
9eb478dba39eb8a708dbd6764d6c6ad9  dcron22.tar.gz
c248f7871cf6ba84267cbd90c9c3f084  dcron22.diff.gz
 
-- cut here --


home help back first fref pref prev next nref lref last post