Re: Root shell vixie cron exploit

From: Raymond Dijkxhoorn (raymondat_private)
Date: Tue Sep 07 1999 - 03:04:57 PDT

Next message: Jesper M. Johansson: "Re: IE5 allows executing programs"

Previous message: : dp :: "Re: IE 5.0 allows executing programs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

>   I had assumed that the whole problem with the vixie-cron exploit was
> that cron allowed users to invoke sendmail with arbitrary command-line
> options *as root*, so dropping SUID status doesn't do any good.
> Sendmail doesn't try to protect the root user from themselves.

I tried it on several RedHat 4.x 5.x and 6.x boxes and when they ARE
running sendmail, a lot alsos did qmail, it worked just fine...

Bye,
Raymond.

Next message: Jesper M. Johansson: "Re: IE5 allows executing programs"
Previous message: : dp :: "Re: IE 5.0 allows executing programs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:19 PDT