Bugtraq mailing list archives
Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability
From: "Fabio Pietrosanti (naif)" <naif () INET IT>
Date: Thu, 26 Oct 2000 13:36:43 +0200
Oops, I could read only files that start with "#", as in the advisory ;))

Also tested against a Slackware 3.0 = Vulnerable.

naif

On Wed, 25 Oct 2000, Kris Kennaway wrote:

> On Wed, Oct 25, 2000 at 12:30:47PM +0200, Fabio Pietrosanti (naif) wrote:
>
> > Tested also on:
> > FreeBSD 3.3 = Vulnerable
> > FreeBSD 2.2.8 = Vulnerable
>
> Are you sure? Our testing indicates that you can't read an arbitrary
> file, it must conform to cron syntax - basically meaning either all
> lines commented out with a #, or an actual cron job file.
>
> I don't have access to a 2.x machine to test (and in fact the 2.2.x
> series has not been officially supported for some time), but I believe
> 3.5-RELEASE has the above properties I describe.
>
> Kris
Current thread:
- [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability Kyong-won Cho (Oct 24)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Sergey Nenashev (Oct 25)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Fabio Pietrosanti (naif) (Oct 26)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Kris Kennaway (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Fabio Pietrosanti (naif) (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Casper Dik (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Bill Sommerfeld (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Fabio Pietrosanti (naif) (Oct 26)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Andrey Alekseyev (Oct 26)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Robert Watson (Oct 27)
- Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability Sergey Nenashev (Oct 25)