Message-Id: <200001022055.MAA05785@redpaul.mibh.net>
To: Ole Pahl
Cc: bugtraq@securityfocus.com, submission@rootshell.com, cert@cert.org, cert@cert.dfn.de, freebsd-bugs@freebsd.org, info@suse.de, isc-info@isc.org
Subject: Re: Bug in recent versions of Vixie cron
In-reply-to: Your message of "Sun, 02 Jan 2000 21:21:51 +0100."
Date: Sun, 02 Jan 2000 12:55:59 -0800
From: Paul A Vixie

if your cron source (do_command.c) does not include the function safe_p()
then it is vulnerable to this. this hole was fixed in 1996. take a look at
isc cron 4.0 beta1, at ftp://ftp.isc.org/isc/cron_4.0_b1.shar.