On Tue, May 08, 2001 at 02:01:21PM -0700, Jay D. Dyson wrote: > On Tue, 8 May 2001, Edwin Chiu wrote: > > > The exploit failed for: > > Redhat 6.1 > > vixie-cron-3.0.1-39 > > Redhat 6.2 > > vixie-cron-3.0.1-40 > > *nod* I wrote to Cade directly regarding the advisory as it seems > to me that the issue is more a matter of Debian's implementation of Vixie > cron than an issue with Vixie cron itself. I'm still futzing with it to > see if any other implementations will squeal. Fun and interesting results > will be posted when found. ;) I think this is a Linux-specific "enhancement" to vixie cron; nothing remotely similar to the affected code seems to be in the FreeBSD version, and I thought we were using the most recent vendor version. Kris
This archive was generated by hypermail 2b30 : Tue May 15 2001 - 06:14:35 PDT