Date: Mon, 16 Dec 1996 17:32:05 +0000 (GMT)
From: Scot Elliott
Reply-To: pumpkin@uk.pi.net
To: FreeBSD Security list
Subject: Re: crontab security hole exploit
Sender: owner-security@freebsd.org

On Mon, 16 Dec 1996, Richard Wackerbarth wrote:

> >Hello!
> >
> >Exploit for buffer overflow in crontab.
> >
> >
> >/* ---------------------------- CUT HERE
> >----------------------------------- */
>
> Please do not post exploit details to the list. The details can be sent
> privately to security-officer@FreeBSD.ORG.
> Observations that they exist, preferably with impact statements (eg. user
> can gain root access) and proposed fixes are appropriate for public notice.
>

Yeah... well although it's not really appropriate to publicly explain how
to crack a system, I personally find it more educational than just a
patch... at least then it's easy to see how the hack was working, whereas
the output from diff isn't all that easy to follow.

Scot.

---------------------------------------------------------------------------
| Scot Elliott               | Please note that any opinions              |
| MEng Computing IV.         | expressed are mine, and not those          |
| Imperial College, London   | of the department or college.              |
---------------------------------------------------------------------------
| e-mail: s.elliott@ic.ac.uk | IRC nick: PlumbrBoy                        |
|         pumpkin@uk.pi.net  | "You are everything in my fridge"          |
---------------------------------------------------------------------------