6498177 2001-05-08 15:07 -0700  /22 lines/ Kris Kennaway <kris@obsecurity.org>
Sent by: joel@lysator.liu.se
Imported: 2001-05-15  13:59  by Brevbäraren
External recipient: Jay D. Dyson <jdyson@TREACHERY.NET>
External CC recipient: BUGTRAQ@SECURITYFOCUS.COM
Recipient: Bugtraq (import) <16986>
Comment to text 6469713 by Jay D. Dyson <jdyson@TREACHERY.NET>
Subject: Re: Vixie cron vulnerability
------------------------------------------------------------
On Tue, May 08, 2001 at 02:01:21PM -0700, Jay D. Dyson wrote:
> On Tue, 8 May 2001, Edwin Chiu wrote:
> 
> > The exploit failed for:
> > Redhat 6.1
> >     vixie-cron-3.0.1-39
> > Redhat 6.2
> >     vixie-cron-3.0.1-40
> 
> 	*nod* I wrote to Cade directly regarding the advisory as it seems
> to me that the issue is more a matter of Debian's implementation of Vixie
> cron than an issue with Vixie cron itself.  I'm still futzing with it to
> see if any other implementations will squeal.  Fun and interesting results
> will be posted when found.  ;)

I think this is a Linux-specific "enhancement" to vixie cron; nothing
remotely similar to the affected code seems to be in the FreeBSD
version, and I thought we were using the most recent vendor version.

Kris
(6498177) /Kris Kennaway <kris@obsecurity.org>/-----
Comment in text 6498178 by Kris Kennaway <kris@obsecurity.org>
6498178 2001-05-08 15:07 -0700  /10 lines/ Kris Kennaway <kris@obsecurity.org>
Imported: 2001-05-15  13:59  by Brevbäraren
External recipient: Jay D. Dyson <jdyson@TREACHERY.NET>
External CC recipient: BUGTRAQ@SECURITYFOCUS.COM
Recipient: Bugtraq (import) <16987>
Attachment (text/plain) to text 6498177
Subject: Attachment to: Re: Vixie cron vulnerability
------------------------------------------------------------
(6498178) /Kris Kennaway <kris@obsecurity.org>/-----
6499122 2001-05-08 17:37 +0200  /16 lines/ Olaf Kirch <okir@caldera.de>
Sent by: joel@lysator.liu.se
Imported: 2001-05-15  16:19  by Brevbäraren
External recipient: Cade Cairns <cairnsc@SECURITYFOCUS.COM>
External CC recipient: BUGTRAQ@SECURITYFOCUS.COM
Recipient: Bugtraq (import) <16991>
Comment to text 6468468 by Cade Cairns <cairnsc@SECURITYFOCUS.COM>
Subject: Re: Vixie cron vulnerability
------------------------------------------------------------
From: Olaf Kirch <okir@caldera.de>
To: Cade Cairns <cairnsc@SECURITYFOCUS.COM>
Cc: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010508173739.S5174@monad.caldera.de>

It should be noted that this problem is not Paul Vixie's fault; this
crept into Debian (and other Linux distributions) through a broken
patch.

Olaf
-- 
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de    +-------------------- Why Not?! -----------------------
         UNIX, n.: Spanish manufacturer of fire extinguishers.
(6499122) /Olaf Kirch <okir@caldera.de>/--(Rewrapped)