Re: vixie crontab

["enthh () FLASH NET" <enthh () FLASH NET>]

not necessarily.. many free shell providers will have someone login as
'newuser' and configure their own information, including the login name they
would like..

enthh
----- Original Message -----
From: "Blake R. Swopes" <bhodi () BIGFOOT COM>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: 12 February, 2001 6:46 PM
Subject: Re: vixie cron possible local root compromise


> Considering what overflows the buffer (your username), it would seem that
> you'd need root access to begin with in order to craft an exploit. Am I
> wrong?
>
> Of course, maybe this could be some exotic new addition to a rootkit.
>
> > -----Original Message-----
> > From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
> > Flatline
> > Sent: Saturday, February 10, 2001 3:38 PM
> > To: BUGTRAQ () SECURITYFOCUS COM
> > Subject: vixie cron possible local root compromise
> >
> >
> > - Introduction:
> >
> > Paul Vixie's crontab version 3.0.1-56 contains another buffer overflow
> > vulnerability.
> > I'm not sure whether it's exploitable or not, it needs to be
> > fixed however.