Bugtraq mailing list archives
Re: Vixie cron vulnerability
From: Michal Zalewski <lcamtuf () COREDUMP CX>
Date: Tue, 8 May 2001 11:30:55 -0400
On Mon, 7 May 2001, Cade Cairns wrote:
Attached is a simple proof of concept for the vixie cron vulnerability recently published in Debian Security Advisory DSA-054-1. The code was written during SIA analysis of this vulnerability.
Hm, there is my original proof-of-concept I coded for Sebastian Krahmer (who discovered this vulnerability), while working on it. This vulnerability affects Debian, SuSE, and probably few other Linuxes as well. It is a perfect example of bad coding, and how improper fixing of bugs might lead to even more dangerous conditions. It is fully automated, and I believe it gives absolutely nothing to the attacker, as this vulnerability can be exploited by hand in approximately 5 seconds ;) Michal Zalewski http://lcamtuf.coredump.cx
Attachment:
corntab
Description:
Current thread:
- Vixie cron vulnerability Cade Cairns (May 08)
- Re: Vixie cron vulnerability Edwin Chiu (May 08)
- Re: Vixie cron vulnerability Michal Zalewski (May 08)
- Re: Vixie cron vulnerability Olaf Kirch (May 15)