Re: Vixie cron vulnerability

• Previous message: Paul Cardon: "Re: [BUGTRAQ] Windows 2000 .printer remote overflow - webexplt.plproblem!"
• In reply to: Jay D. Dyson: "Re: Vixie cron vulnerability"
• Next in thread: Wichert Akkerman: "Re: Vixie cron vulnerability"
• Next in thread: Michal Zalewski: "Re: Vixie cron vulnerability"
• Reply: Wichert Akkerman: "Re: Vixie cron vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 08, 2001 at 02:01:21PM -0700, Jay D. Dyson wrote:
> On Tue, 8 May 2001, Edwin Chiu wrote:
> 
> > The exploit failed for:
> > Redhat 6.1
> >     vixie-cron-3.0.1-39
> > Redhat 6.2
> >     vixie-cron-3.0.1-40
> 
> 	*nod* I wrote to Cade directly regarding the advisory as it seems
> to me that the issue is more a matter of Debian's implementation of Vixie
> cron than an issue with Vixie cron itself.  I'm still futzing with it to
> see if any other implementations will squeal.  Fun and interesting results
> will be posted when found.  ;)

I think this is a Linux-specific "enhancement" to vixie cron; nothing
remotely similar to the affected code seems to be in the FreeBSD
version, and I thought we were using the most recent vendor version.

Kris

• application/pgp-signature attachment: stored

• Next message: Martin O'Neal: "Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3. 5.x database configuration"
• Previous message: Paul Cardon: "Re: [BUGTRAQ] Windows 2000 .printer remote overflow - webexplt.plproblem!"
• In reply to: Jay D. Dyson: "Re: Vixie cron vulnerability"
• Next in thread: Wichert Akkerman: "Re: Vixie cron vulnerability"
• Next in thread: Michal Zalewski: "Re: Vixie cron vulnerability"
• Reply: Wichert Akkerman: "Re: Vixie cron vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 15 2001 - 06:14:35 PDT