Date: Sun, 02 Jan 2000 21:59:35 +0100 (CET)
Organization: Lublin BSD Users Group (www.FreeBSD.lublin.pl)
From: Przemyslaw Frasunek
To: Ole Pahl, freebsd-bugs@freebsd.org, bugtraq@securityfocus.com
Subject: RE: Bug in recent versions of Vixie cron

On 02-Jan-00 Ole Pahl wrote:
> I've just discovered a bug in Vixie cron allowing local users with access
> to their own crontabs to gain root access.
> Sendmail is called as root, thus allowing users to specify the -C option
> causing Sendmail to use a user-specified configuration file:

This bug has been known for about 6 months. An exploit is also widely accessible.

> This problem seems to be present in current versions of Vixie cron, e.g.
> those used in operating systems like FreeBSD 3.4-RC as well as certain
> Linux distributions such as SuSE Linux 6.2.

FreeBSD is and was NOT vulnerable to this problem.

---
* Fido: 2:480/124 ** WWW: http://www.FreeBSD.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin@FreeBSD.lublin.pl ** PGP: D48684904685DF43 EA93AFA13BE170BF *