Bugtraq mailing list archives

Re: Vixie Crontab exploit code

From: lcamtuf () IDS PL (Michal Zalewski)
Date: Tue, 6 Jul 1999 18:33:34 +0200


On Thu, 2 Sep 1999, Taeho Oh wrote:

 Vixie Crontab exploit code


Seems to me it's quite similar to exploit posted by me to BUGTRAQ before
(and available at http://lcamtuf.na.export.pl/pliki/rootcron), except that
your exploit makes blind assumption on procmail as default mailer (hmm)
and other parts of /etc/sendmail.cf - eg. default user settings... And
finally, +s /tmp/sh is not always enough (setuid(getuid()) is quite
common)...

In fact, can't see anything innovative, but execuse me if I'm wrong ;)

_______________________________________________________________________
Michal Zalewski [lcamtuf () ids pl] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 22 813 25 86] <=-=> [cellular phone: +48 501 4000 69]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]

Current thread:

Re: Vixie Crontab exploit code Michal Zalewski (Jul 06)
- <Possible follow-ups>
- Vixie Crontab exploit code Taeho Oh (Sep 01)
  - Re: Vixie Crontab exploit code rjp () BROWSER ORG (Sep 06)