On Mon, 7 May 2001, Cade Cairns wrote: > Attached is a simple proof of concept for the vixie cron vulnerability > recently published in Debian Security Advisory DSA-054-1. The code was > written during SIA analysis of this vulnerability. Hm, there is my original proof-of-concept I coded for Sebastian Krahmer (who discovered this vulnerability), while working on it. This vulnerability affects Debian, SuSE, and probably few other Linuxes as well. It is a perfect example of bad coding, and how improper fixing of bugs might lead to even more dangerous conditions. It is fully automated, and I believe it gives absolutely nothing to the attacker, as this vulnerability can be exploited by hand in approximately 5 seconds ;) Michal Zalewski http://lcamtuf.coredump.cx
This archive was generated by hypermail 2b30 : Tue May 08 2001 - 15:23:26 PDT