Re: Vixie cron vulnerability

From: Wichert Akkerman (wichertat_private)
Date: Tue May 15 2001 - 05:44:25 PDT

Next message: Sebastian Krahmer: "SuSE Security Announcement: cron"

Previous message: X-Force: "ISS Advisory: Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure"
In reply to: Kris Kennaway: "Re: Vixie cron vulnerability"
Next in thread: Michal Zalewski: "Re: Vixie cron vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Previously Kris Kennaway wrote:
> I think this is a Linux-specific "enhancement" to vixie cron; nothing
> remotely similar to the affected code seems to be in the FreeBSD
> version, and I thought we were using the most recent vendor version.

As the Debian advisory mentioned, this was the result of a bug in an
earlier security fix we made. As such only those who also used that
other patch are vulnerable.

Wichert.

-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichertat_private                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

Next message: Sebastian Krahmer: "SuSE Security Announcement: cron"
Previous message: X-Force: "ISS Advisory: Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure"
In reply to: Kris Kennaway: "Re: Vixie cron vulnerability"
Next in thread: Michal Zalewski: "Re: Vixie cron vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 15 2001 - 12:23:17 PDT