Re: [RHSA-1999:030-01] Buffer overflow in cron daemon

From: Adam Morrison (adamat_private)
Date: Sun Aug 29 1999 - 03:42:05 PDT

Next message: Jesper M. Johansson: "Re: IE 5.0 allows executing programs"

Previous message: Martin Schulze: "Vixie Cron version 3.0pl1 vulnerable to root exploit"
Maybe in reply to: Bill Nottingham: "[RHSA-1999:030-01] Buffer overflow in cron daemon"
Next in thread: Kurt Seifried: "Re: [RHSA-1999:030-01] Buffer overflow in cron daemon"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 7. Problem description:
>
> Also, it was possible to use specially formatted 'MAILTO'
> environment variables to send commands to sendmail.

FWIW, this was fixed in FreeBSD in early 1995 by Andrey Chernov
in response to a similar hole in atrun(8) hole that I reported.

Next message: Jesper M. Johansson: "Re: IE 5.0 allows executing programs"
Previous message: Martin Schulze: "Vixie Cron version 3.0pl1 vulnerable to root exploit"
Maybe in reply to: Bill Nottingham: "[RHSA-1999:030-01] Buffer overflow in cron daemon"
Next in thread: Kurt Seifried: "Re: [RHSA-1999:030-01] Buffer overflow in cron daemon"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:59:38 PDT