6498177 2001-05-08 15:07 -0700 /22 lines/ Kris Kennaway <kris@obsecurity.org>
Sent by: joel@lysator.liu.se
Imported: 2001-05-15 13:59 by Brevbäraren
External recipient: Jay D. Dyson <jdyson@TREACHERY.NET>
External CC recipient: BUGTRAQ@SECURITYFOCUS.COM
Recipient: Bugtraq (import) <16986>
Comment on text 6469713 by Jay D. Dyson <jdyson@TREACHERY.NET>
Subject: Re: Vixie cron vulnerability
------------------------------------------------------------
On Tue, May 08, 2001 at 02:01:21PM -0700, Jay D. Dyson wrote:
> On Tue, 8 May 2001, Edwin Chiu wrote:
>
> > The exploit failed for:
> > Redhat 6.1
> > vixie-cron-3.0.1-39
> > Redhat 6.2
> > vixie-cron-3.0.1-40
>
> *nod* I wrote to Cade directly regarding the advisory as it seems
> to me that the issue is more a matter of Debian's implementation of Vixie
> cron than an issue with Vixie cron itself. I'm still futzing with it to
> see if any other implementations will squeal. Fun and interesting results
> will be posted when found. ;)

I think this is a Linux-specific "enhancement" to vixie cron; nothing
remotely similar to the affected code seems to be in the FreeBSD
version, and I thought we were using the most recent vendor version.

Kris
(6498177) /Kris Kennaway <kris@obsecurity.org>/-----
Comment in text 6498178 by Kris Kennaway <kris@obsecurity.org>

6498178 2001-05-08 15:07 -0700 /10 lines/ Kris Kennaway <kris@obsecurity.org>
Imported: 2001-05-15 13:59 by Brevbäraren
External recipient: Jay D. Dyson <jdyson@TREACHERY.NET>
External CC recipient: BUGTRAQ@SECURITYFOCUS.COM
Recipient: Bugtraq (import) <16987>
Attachment (text/plain) to text 6498177
Subject: Attachment to: Re: Vixie cron vulnerability
------------------------------------------------------------
(6498178) /Kris Kennaway <kris@obsecurity.org>/-----

6499122 2001-05-08 17:37 +0200 /16 lines/ Olaf Kirch <okir@caldera.de>
Sent by: joel@lysator.liu.se
Imported: 2001-05-15 16:19 by Brevbäraren
External recipient: Cade Cairns <cairnsc@SECURITYFOCUS.COM>
External CC recipient: BUGTRAQ@SECURITYFOCUS.COM
Recipient: Bugtraq (import) <16991>
Comment on text 6468468 by Cade Cairns <cairnsc@SECURITYFOCUS.COM>
Subject: Re: Vixie cron vulnerability
------------------------------------------------------------
From: Olaf Kirch <okir@caldera.de>
To: Cade Cairns <cairnsc@SECURITYFOCUS.COM>
Cc: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010508173739.S5174@monad.caldera.de>

It should be noted that this problem is not Paul Vixie's fault;
this crept into Debian (and other Linux distributions) through
a broken patch.

Olaf
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.
(6499122) /Olaf Kirch <okir@caldera.de>/--(Rewrapped)