From owner-freebsd-security  Thu Aug 26 20:59:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from tor-dev1.nbc.netcom.ca (tor-dev1.nbc.netcom.ca [207.181.89.12])
	by hub.freebsd.org (Postfix) with ESMTP id 24ED114E01
	for <freebsd-security@freebsd.org>; Thu, 26 Aug 1999 20:59:10 -0700 (PDT)
	(envelope-from taob@tor-dev1.nbc.netcom.ca)
Received: by tor-dev1.nbc.netcom.ca (8.9.1/8.9.1) id XAA23742;
	Thu, 26 Aug 1999 23:58:38 -0400 (EDT)
Date: Thu, 26 Aug 1999 23:58:38 -0400 (EDT)
From: Brian Tao <taob@risc.org>
X-Sender: taob@tor-dev1.nbc.netcom.ca
To: FREEBSD-SECURITY <freebsd-security@freebsd.org>
Subject: Buffer overflow in vixie cron?
Message-ID: <Pine.GSO.3.96.990826235646.6840S-100000@tor-dev1.nbc.netcom.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

    RedHat published a security advisory for the version of vixie-cron
included in RH 4.2, 5.2 and 6.0 today.  Is our version also
vulnerable?  I haven't seen the diffs yet, but it is in the
cron_popen() call in /usr/src/usr.sbin/cron/cron/popen.c .
-- 
Brian Tao (BT300, taob@risc.org)
"Though this be madness, yet there is method in't"



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message