Date: Fri, 27 Aug 1999 08:01:58 +0300 From: Alexandre Snarskii <snar@paranoia.ru> To: Brian Tao <taob@risc.org>, FREEBSD-SECURITY <freebsd-security@FreeBSD.ORG> Subject: Re: Buffer overflow in vixie cron? Message-ID: <19990827080158.A15699@lucky.net> In-Reply-To: <Pine.GSO.3.96.990826235646.6840S-100000@tor-dev1.nbc.netcom.ca>; from Brian Tao on Thu, Aug 26, 1999 at 11:58:38PM -0400 References: <Pine.GSO.3.96.990826235646.6840S-100000@tor-dev1.nbc.netcom.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Aug 26, 1999 at 11:58:38PM -0400, Brian Tao wrote: > RedHat published a security advisory for the version of vixie-cron > included in RH 4.2, 5.2 and 6.0 today. Is our version also > vulnerable? I haven't seen the diffs yet, but it is in the > cron_popen() call in /usr/src/usr.sbin/cron/cron/popen.c . That bug is not from cron_popen(), but from the paramerers to that call. Really, in classic vixie cron there were a chance to prepare _any_ command string to execute. FreeBSD is not vulnerabile since 1995 (2.0.5-alpha) ( cite from: http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/cron/cron/do_command.c ) 1.4 Fri Apr 14 21:54:18 1995 UTC by ache CVS Tags: RELENG_2_0_5_ALPHA Diffs to 1.3 Fix MAILTO hole by passing -t to sendmail Submitted by: Mike Pritchard <pritc003@maroon.tc.umn.edu> _________________________________________________________________ 1.3 Thu Apr 13 20:58:13 1995 UTC by ache Diffs to 1.2 Really fix MAILTO hole by parsing spaces. Remove local bitstring copy _________________________________________________________________ 1.2 Wed Apr 12 18:57:37 1995 UTC by ache Diffs to 1.1 Close MAILTO security hole </cite> -- Alexander Snarskii the source code is included. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990827080158.A15699>