[11786] in bugtraq
Re: Root shell vixie cron exploit
daemon@ATHENA.MIT.EDU (Raymond Dijkxhoorn)
Thu Sep 9 15:48:20 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9909071204120.24842-100000@twix.thrijswijk.nl>
Date: Tue, 7 Sep 1999 12:04:57 +0200
Reply-To: Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL>
From: Raymond Dijkxhoorn <raymond@THRIJSWIJK.NL>
X-To: John Kennedy <jk@CSUCHICO.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990903171947.A346@akasha.net.chico.ca.us>
Hi!
> I had assumed that the whole problem with the vixie-cron exploit was
> that cron allowed users to invoke sendmail with arbitrary command-line
> options *as root*, so dropping SUID status doesn't do any good.
> Sendmail doesn't try to protect the root user from themselves.
I tried it on several RedHat 4.x 5.x and 6.x boxes and when they ARE
running sendmail, a lot alsos did qmail, it worked just fine...
Bye,
Raymond.
