From owner-freebsd-security Tue May 8 15: 4:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sol.serv.u-szeged.hu (sol.serv.u-szeged.hu [160.114.51.3])
	by hub.freebsd.org (Postfix) with ESMTP id 6622337B423
	for ; Tue, 8 May 2001 15:04:07 -0700 (PDT)
	(envelope-from sziszi@petra.hos.u-szeged.hu)
Received: from petra.hos.u-szeged.hu by sol.serv.u-szeged.hu (8.9.3+Sun/SMI-SVR4)
	id AAA15542; Wed, 9 May 2001 00:04:05 +0200 (MEST)
Received: from sziszi by petra.hos.u-szeged.hu with local (Exim 3.12 #1 (Debian))
	id 14xFaQ-0002XN-00
	for ; Wed, 09 May 2001 00:04:06 +0200
Date: Wed, 9 May 2001 00:04:06 +0200
From: Szilveszter Adam
To: security@FreeBSD.ORG
Subject: Re: Fwd: Vixie cron vulnerability
Message-ID: <20010509000406.C7798@petra.hos.u-szeged.hu>
Mail-Followup-To: Szilveszter Adam , security@FreeBSD.ORG
References: <20010508201307.A2613@petra.hos.u-szeged.hu> <20010508144020.C2823@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010508144020.C2823@xor.obsecurity.org>; from kris@obsecurity.org on Tue, May 08, 2001 at 02:40:20PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, May 08, 2001 at 02:40:20PM -0700, Kris Kennaway wrote:
> On Tue, May 08, 2001 at 08:13:07PM +0200, Szilveszter Adam wrote:
> > Hello,
> >
> > I hate to disturb, but...
> >
> > I cannot reproduce this, but... are we affected? This looks like rather
> > new...
>
> I checked this when I first heard about it and we don't seem to be. I
> don't even know where that version came from, it might be a
> linux-originated thing.
>
> Kris

Well the version is surely Debian: p1 stands for patchlevel 1, I guess. The
crontab on one of our Linux boxen was already updated and it produced
exactly the same result as the one on -CURRENT: a shell wrapper suid me:-)
Cool.

Maybe you (kris) should inform BUGTRAQ that we are (as usual) exempt from
the excitement that running vulnerable systems entails...

On a semi-related note: I found no good way of finding out what version of
cron we have. Last time when there was an exploit I had to check ident(1)
lines IIRC. Does any of you know of a better way?

--
Regards:

Szilveszter ADAM
Szeged University
Szeged Hungary

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message