[17371] in bugtraq


Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file

daemon@ATHENA.MIT.EDU (Kris Kennaway)
Thu Oct 26 16:50:16 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id:  <20001025145853.E52021@citusc17.usc.edu>
Date:         Wed, 25 Oct 2000 14:58:53 -0700
Reply-To: Kris Kennaway <kris@CITUSC17.USC.EDU>
From: Kris Kennaway <kris@CITUSC17.USC.EDU>
X-To:         naif@inet.it
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0010251221420.7175-100000@naif.inet.it>; from
              fabio@TELEMAIL.IT on Wed, Oct 25, 2000 at 12:30:47PM +0200

On Wed, Oct 25, 2000 at 12:30:47PM +0200, Fabio Pietrosanti (naif) wrote:
> Tested also on:
>
> FreeBSD 3.3 = Vulnerable
> FreeBSD 2.2.8 = Vulnerable

Are you sure? Our testing indicates that you can't read an arbitrary
file, it must conform to cron syntax - basically meaning either all
lines commented out with a #, or an actual cron job file.

I don't have access to a 2.x machine to test (and in fact the 2.2.x
series has not been officially supported for some time), but I believe
3.5-RELEASE has the above properties I describe.

Kris
