[17369] in bugtraq


Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file

daemon@ATHENA.MIT.EDU (Fabio Pietrosanti (naif))
Thu Oct 26 16:40:32 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.LNX.4.21.0010261336001.8295-100000@naif.inet.it>
Date:         Thu, 26 Oct 2000 13:36:43 +0200
Reply-To: "Fabio Pietrosanti (naif)" <naif@INET.IT>
From: "Fabio Pietrosanti (naif)" <naif@INET.IT>
X-To:         Kris Kennaway <kris@citusc17.usc.edu>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20001025145853.E52021@citusc17.usc.edu>

Oops,
I could read only files that start with "#", as in the advisory ;))

Also tested against Slackware 3.0 = Vulnerable.

naif

On Wed, 25 Oct 2000, Kris Kennaway wrote:

> On Wed, Oct 25, 2000 at 12:30:47PM +0200, Fabio Pietrosanti (naif) wrote:
> > Tested also on:
> >
> > FreeBSD 3.3 = Vulnerable
> > FreeBSD 2.2.8 = Vulnerable
>
> Are you sure? Our testing indicates that you can't read an arbitrary
> file, it must conform to cron syntax - basically meaning either all
> lines commented out with a #, or an actual cron job file.
>
> I don't have access to a 2.x machine to test (and in fact the 2.2.x
> series has not been officially supported for some time), but I believe
> 3.5-RELEASE has the above properties I describe.
>
> Kris
>
>
