[20575] in bugtraq
Re: Vixie cron vulnerability
daemon@ATHENA.MIT.EDU (Jay D. Dyson)
Tue May 8 18:05:46 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.GSO.3.96.1010508135756.3740B-100000@crypto>
Date: Tue, 8 May 2001 14:01:21 -0700
Reply-To: "Jay D. Dyson" <jdyson@treachery.net>
From: "Jay D. Dyson" <jdyson@treachery.net>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3AF83087.B0D2765@e-wares.com>
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 8 May 2001, Edwin Chiu wrote:
> The exploit failed for:
> Redhat 6.1
> vixie-cron-3.0.1-39
> Redhat 6.2
> vixie-cron-3.0.1-40
*nod* I wrote to Cade directly regarding the advisory as it seems
to me that the issue is more a matter of Debian's implementation of Vixie
cron than an issue with Vixie cron itself. I'm still futzing with it to
see if any other implementations will squeal. Fun and interesting results
will be posted when found. ;)
- -Jay
( ( _______
)) )) .- "There's always time for a good cup of coffee" -. >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@treachery.net ------<) | = |-'
`--' `--' `---------- "Si vis pacem, para bellum." ----------' `------'
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.
iQCVAwUBOvhQldCClfiU/BIVAQECcgP/fnDkOGxVAm6S+UKnCS5Kmdjnl67nVYGf
IFaWyv9JKF82A7E7L0PBI9hTe27YvyhamFDBVIDAu79n1AszxXUt7g+F0WEuHtpy
gBegB1+KnJCq8vzzdB9kBmCAe+XeILaG49BvACOcvww2AJN0YZhHu3ZA5COtWwhF
QxBGcf+6MFw=
=pGCW
-----END PGP SIGNATURE-----
