[2206] in linux-security and linux-alert archive
[linux-security] Re: [RHSA-1999:030-01] Buffer overflow in cron daemon
daemon@ATHENA.MIT.EDU (Shaun Hedges)
Fri Aug 27 03:05:41 1999
From: Shaun Hedges <shaungh@home.com>
To: "linux-security@redhat.com" <linux-security@redhat.com>
Date: Thu, 26 Aug 1999 19:24:42 -0600
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
I wonder, if this was discovered by another source such as Debian why
haven't they made it public?
That doesn't fit the stature of a commercial distributor in the Linux
industry. It's more of an OpenBSD thing to discover bugs and say you
fixed them two years ago when someone else finds them.
[mod: Reformatted. Please watch your line lengths. -- REW]
CYA.
-----Original Message-----
From: Olaf Kirch [SMTP:okir@monad.swb.de]
Sent: Thursday, August 26, 1999 2:06 AM
To: bugtraq@securityfocus.com; linux-security@redhat.com
Subject: [linux-security] Re: [RHSA-1999:030-01] Buffer overflow in cron daemon
On Wed, Aug 25, 1999 at 09:17:20PM -0400, Bill Nottingham wrote:
> A buffer overflow exists in crond, the cron daemon. This
> could allow local users to gain privilege.
FYI, Caldera OpenLinux isn't vulnerable to this.
This problem was first discovered two years ago by someone at Debian.
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
