Date: Mon, 16 Dec 1996 15:55:59 +0100 (MET)
From: Joakim Rastberg <jor@xinit.se>
To: Richard Wackerbarth <rkw@dataplex.net>
Cc: Dmitry Valdov <dv@kis.ru>, security@FreeBSD.ORG
Subject: Re: crontab security hole exploit
Message-ID: <Pine.GSO.3.95.961216154913.7742B-100000@lich>
In-Reply-To: <l03010d02aedafca2ae0c@[208.2.87.4]>
On Mon, 16 Dec 1996, Richard Wackerbarth wrote:

>>Exploit for buffer overflow in crontab.

>Please do not post exploit details to the list. The details can be sent
>privately to security-officer@FreeBSD.ORG.

>Observations that they exist, preferably with impact statements (eg. user
>can gain root access) and proposed fixes are appropriate for public notice.

Is that official? Or only wishful thinking (i.e. if no one posts them they will go away?).

I would rather like the exploits be posted as they can be used to leverage the "management" to pay attention (background: I am working as a contractor to run some unix-boxes and although I whine about the low security *nothing* happens until I can show I get a #, then someone perhaps pulls the plug and pays for a more secure installation. My point being is that many companies, at least the ones I work for, IGNORE holes until someone has shown them the exploit)

/joakim rastberg, Xinit AB, Sundsvall Sweden.