Vulnerability Development mailing list archives
Re: vixie crontab
From: "enthh () FLASH NET" <enthh () FLASH NET>
Date: Tue, 13 Feb 2001 14:56:48 -0500
not necessarily.. many free shell providers will have someone login as 'newuser' and configure their own information, including the login name they would like.. enthh ----- Original Message ----- From: "Blake R. Swopes" <bhodi () BIGFOOT COM> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: 12 February, 2001 6:46 PM Subject: Re: vixie cron possible local root compromise
Considering what overflows the buffer (your username), it would seem that you'd need root access to begin with in order to craft an exploit. Am I wrong? Of course, maybe this could be some exotic new addition to a rootkit.-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Flatline Sent: Saturday, February 10, 2001 3:38 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: vixie cron possible local root compromise - Introduction: Paul Vixie's crontab version 3.0.1-56 contains another buffer overflow vulnerability. I'm not sure whether it's exploitable or not, it needs to be fixed however.
Current thread:
- Re: vixie crontab enthh () FLASH NET (Feb 13)