From owner-freebsd-bugs Sun Jan 2 13:14:36 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from muschel.global-phun.net (muschel.Global-Phun.net [212.6.148.36]) by hub.freebsd.org (Postfix) with ESMTP id C978E14BCE for ; Sun, 2 Jan 2000 13:14:31 -0800 (PST) (envelope-from op@pahl.net) Received: from localhost (op@localhost [127.0.0.1]) by muschel.global-phun.net (8.8.8/8.8.8) with ESMTP id WAA12970; Sun, 2 Jan 2000 22:09:24 +0100 Date: Sun, 2 Jan 2000 22:09:23 +0100 (MET) From: Ole Pahl X-Sender: op@muschel.global-phun.net To: bugtraq@securityfocus.com, submission@rootshell.com, cert@cert.org, cert@cert.dfn.de, freebsd-bugs@freebsd.org, info@suse.de, paul@vix.com, info@vix.com Subject: Bug in recent versions of Vixie cron - Sorry! Message-ID: Organization: PAHL.NET Network Solutions MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The problem described in my previous message was already present in the BugTraq vulnerability database with a slightly different description considering this vulnerability a bug validating the user-specified MAILTO value. However, as Sendmail is executable by anyone, describing this bug as a missing setuid() before starting Sendmail makes a lot more sense. Most Linux distribution vendors (including SuSE, RedHat and Debian) have prepared appropriate update packages, but I was unable to find a security advisory addressing this issue on www.freebsd.org although it could be reproduced on a FreeBSD 3.4-RC system (as already mentioned). Information concerning other operating systems using Vixie cron is appreciated. Regards, Ole Pahl -- Ole Pahl Hamburg / Germany Fon: +49 40 7807 2601 PAHL.NET Network Solutions Mail: info@pahl.net Fax: +49 40 7807 2602 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message