Date: Thu, 26 Aug 1999 22:19:54 -0600 (MDT) From: Paul Hart <hart@iserver.com> To: Brian Tao <taob@risc.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Buffer overflow in vixie cron? Message-ID: <Pine.BSF.3.96.990826221017.8059A-100000@anchovy.orem.iserver.com> In-Reply-To: <Pine.GSO.3.96.990826235646.6840S-100000@tor-dev1.nbc.netcom.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 26 Aug 1999, Brian Tao wrote: > RedHat published a security advisory for the version of vixie-cron > included in RH 4.2, 5.2 and 6.0 today. Is our version also vulnerable? I don't believe so. I looked through 3.2-STABLE and didn't see any overflows. I haven't looked at the exact Linux diff, but from the description of the problem it sounds like they fixed the line where the sendmail pipe command string buffer is built. Our code already uses snprintf when using the MAILTO value, but the original Vixie cron used sprintf without length checks in both version 3.0 and 3.0.1. I'm assuming that's where the hole was. Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990826221017.8059A-100000>