[19168] in bugtraq
Re: vixie cron possible local root compromise
daemon@ATHENA.MIT.EDU (Blake R. Swopes)
Mon Feb 12 22:56:34 2001
Message-Id: <000401c0954e$00babe40$0300000a@TheWell.LAN>
Date: Mon, 12 Feb 2001 15:46:20 -0800
Reply-To: "Blake R. Swopes" <bhodi@BIGFOOT.COM>
From: "Blake R. Swopes" <bhodi@BIGFOOT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <5.0.2.1.2.20010211003607.00a627e8@pop3.lb.hva.nl>

Considering what overflows the buffer (your username), it would seem that
you'd need root access to begin with in order to craft an exploit. Am I
wrong?

Of course, maybe this could be some exotic new addition to a rootkit.

> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
> Flatline
> Sent: Saturday, February 10, 2001 3:38 PM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: vixie cron possible local root compromise
>
>
> - Introduction:
>
> Paul Vixie's crontab version 3.0.1-56 contains another buffer overflow
> vulnerability.
> I'm not sure whether it's exploitable or not; it needs to be
> fixed, however.
>
>