Re: Vixie Crontab exploit code

From: rjpat_private
Date: Mon Sep 06 1999 - 23:15:29 PDT


    In message <19990902004829.A2579at_private>,
               Taeho Oh writes:
    >
    > # Tested redhat linux : 4.2, 5.0, 5.1, 6.0
    > # Tested vixie crontab version : 3.0.1
    
    Tried this on a non-hardened SuSE 6.1 with cron 3.0.1 with no result.
    
    The script didn't change the DefaultUser for sendmail to start with because
    SuSE doesn't use numeric ids in its sendmail.cf.  I also fixed the script
    so that the user-created sendmail.cf actually had DefaultUser=0:0 (I think
    this was just a typo -- /tmp/sendmail.cf gets created with DefaultUser=0:0
    but then is overwritten with the value from /etc/sendmail.cf.)
    
    Even with those two fixes, I still just get a shell owned by my uid/gid.
    --
    rob partington % rjpat_private % http://lynx.browser.org/
    


