[17683] in bugtraq
Re: vixie cron...
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Fri Nov 17 12:33:09 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10011171747130.751-100000@localhost>
Date: Fri, 17 Nov 2000 18:12:13 +0100
Reply-To: Michal Zalewski <lcamtuf@TPI.PL>
From: Michal Zalewski <lcamtuf@TPI.PL>
To: BUGTRAQ@SECURITYFOCUS.COM

In order to summarize the responses I've received:

Vulnerable:

- Debian 2.2 is vulnerable; this exploit might need slight
  modifications in order to work properly (e.g. /var/spool/cron/crontabs,
  which is 0755 as well, has to be used instead of /var/spool/cron)
- systems where vixie-cron has been installed manually seem to be
  vulnerable (this will include Solaris etc - but this exploit
  won't work or will require some modifications); well, general
  conditions are: o+x on /var/spool/cron and setuid vixie crontab.
- I still have no information about other non-RH-derived distributions
  and other systems shipping vixie-cron, but I would suspect at least
  part of them (if you have something to add, feel free to mail me),

Not vulnerable:

- most RedHat-derived systems are not vulnerable (this includes
  Mandrake, Cobalt Linux and *probably* Corel Linux); Trustix is
  not vulnerable,
- Slackware is not using vixie-cron, of course (but has dangerous
  permissions; if you have replaced the default cron with vixie, expect
  problems),
- FreeBSD seems to be not vulnerable (other permissions).

That's it for now. I would like to thank all the people who replied to my
mail - Dmitry Alyabyev, Mariusz Woloszyn, Ethan Benson, Oystein Viggen,
Szilveszter Adam, dbaseiv, Simple Nomad and Daniel Jacobowitz :)

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
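
An audit check for the two general conditions named in the message above (o+x on the cron spool directory, setuid crontab), added here as an example and not part of the original post. The function names, the return-code convention and the /usr/bin/crontab default are assumptions of this example; the mode bits alone do not tell you whether the installed cron is vixie-cron.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a host matches
# both conditions from the summary: o+x on the spool directory and a
# setuid crontab binary.
# Return codes (this example's own convention):
#   0 = both conditions hold, 1 = at least one does not, 2 = a path is missing.

# True when "others" have execute (search) permission on directory $1.
spool_world_searchable() {
    [ -n "$(find "$1" -prune -type d -perm -001 2>/dev/null)" ]
}

# check_cron_exposure SPOOL_DIR CRONTAB_BIN
check_cron_exposure() {
    _spool=$1
    _bin=$2
    [ -d "$_spool" ] && [ -f "$_bin" ] || return 2
    _rc=0
    if spool_world_searchable "$_spool"; then
        echo "FINDING: $_spool is searchable by others (o+x)"
    else
        _rc=1
    fi
    if [ -u "$_bin" ]; then
        echo "FINDING: $_bin has the setuid bit set"
    else
        _rc=1
    fi
    return "$_rc"
}

# Check both spool locations mentioned in the post against one crontab binary.
audit_default_paths() {
    _crontab=${1:-/usr/bin/crontab}   # assumption: common path, not from the post
    for _d in /var/spool/cron /var/spool/cron/crontabs; do
        if check_cron_exposure "$_d" "$_crontab"; then
            echo "REVIEW: $_d with $_crontab matches both conditions"
        fi
    done
    return 0
}

# Run the audit only when asked, e.g.: sh audit.sh --audit /usr/bin/crontab
if [ "${1:-}" = "--audit" ]; then
    audit_default_paths "${2:-}"
fi
```

A match only means the host meets the general conditions listed in the message; confirm the cron implementation and vendor patch level before drawing a conclusion.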