From owner-freebsd-security  Mon Dec 16 08:03:41 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id IAA14215
          for security-outgoing; Mon, 16 Dec 1996 08:03:41 -0800 (PST)
Received: from ecstasy.nanospace.com (qmailr@ecstasy.nanospace.com [205.199.196.92])
          by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id IAA14210
          for <security@freebsd.org>; Mon, 16 Dec 1996 08:03:36 -0800 (PST)
Received: (qmail 965 invoked by uid 1000); 16 Dec 1996 16:04:28 -0000
Date: 16 Dec 1996 16:04:28 -0000
Message-ID: <19961216160428.964.qmail@ecstasy.nanospace.com>
From: Oregon Ghost <oghost@ecstasy.nanospace.com>
To: security@freebsd.org
Subject: Re: crontab security hole exploit
In-Reply-To: <Pine.GSO.3.95.961216154913.7742B-100000@lich>
References: <l03010d02aedafca2ae0c@[208.2.87.4]>
	<Pine.GSO.3.95.961216154913.7742B-100000@lich>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----


The exploits are posted to several other quite public lists (bugtraq
has over 5000 subscribers now), so why not here?  I should think it
underscores the fact that the security hole is exploitable with
publicly available code.


Joakim Rastberg writes:
 > On Mon, 16 Dec 1996, Richard Wackerbarth wrote:
 > >>Exploit for buffer overflow in crontab.
 > >Please do not post exploit details to the list. The details can be sent
 > >privately to security-officer@FreeBSD.ORG.
 > >Observations that they exist, preferably with impact statements (eg. user
 > >can gain root access) and proposed fixes are appropriate for public notice.
 > 
 > Is that official? Or only wishful thinking (ie if noone post them they
 > will go away?). I would rather like the exploits be posted as they can be used
 > to leverage the "management" to pay attention (background: I am working as
 > a contractor to run some unix-boxes and although I whine about the low
 > security *nothing* happens until I can show I get a #, then someone
 > perhaps pulls the plug and pays for a more secure installation. My point
 > beeing is that many companies, at least the ones I work for, IGNORES holes
 > until someone have shown them the exploit)
 > 
 > /joakim rastberg, Xinit AB, Sundsvall Sweden.
 > 
 > 

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBMrVzBeyAA+ME1XYFAQF6Gwf+MYbu4xVo/1xm+LMmLoHjC/bIPbgYp7tW
xVkZ+57o5+kDOA8itepbq/coG8RNN6Rh7trhSxKZGKPVX1lO090oF0/OKbn99UZZ
SO+lR1id3gZS6V8dqEEmJnnK2ZwVHo4DKgX0GfddLaJ4+URpLM+GOzQUZf4LW8fT
jg5NGpBNy7Q5vyeNPDDxWGJhwxaeHFf3MIaOwIMpO2TeZG8XX4dA4mzf1A9ydbQL
ZoumOsc4tjsNC3XHN3NKP4wYdsXtipv0qwUWXBS9Ao1mJ++d4dQZBKOZxsQ6+qAb
0mUssMzgmI7B3C3z4xeHYjE/w0E0XBk8edhpvhKihTjp2o6/AUf3gg==
=EvGH
-----END PGP SIGNATURE-----