[11713] in bugtraq
Re: Vixie Crontab exploit code
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Tue Sep 7 13:04:42 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <lcamtuf.4.05.9907061832050.584-100000@nimue.ids.pl>
Date: Tue, 6 Jul 1999 18:33:34 +0200
Reply-To: Michal Zalewski <lcamtuf@IDS.PL>
From: Michal Zalewski <lcamtuf@IDS.PL>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
On Thu, 2 Sep 1999, Taeho Oh wrote:
> Vixie Crontab exploit code
Seems to me it's quite similar to exploit posted by me to BUGTRAQ before
(and available at http://lcamtuf.na.export.pl/pliki/rootcron), except that
your exploit makes blind assumption on procmail as default mailer (hmm)
and other parts of /etc/sendmail.cf - eg. default user settings... And
finally, +s /tmp/sh is not always enough (setuid(getuid()) is quite
common)...
In fact, can't see anything innovative, but execuse me if I'm wrong ;)
_______________________________________________________________________
Michal Zalewski [lcamtuf@ids.pl] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 22 813 25 86] <=-=> [cellular phone: +48 501 4000 69]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
