From owner-freebsd-security@FreeBSD.ORG  Tue Jul 18 12:31:43 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@FreeBSD.ORG
Delivered-To: freebsd-security@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B0F1F16A4DE
	for <freebsd-security@FreeBSD.ORG>;
	Tue, 18 Jul 2006 12:31:43 +0000 (UTC)
	(envelope-from clemun@gmail.com)
Received: from gruik.clem1.be (clem1.be [81.56.211.121])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7FCC143D55
	for <freebsd-security@FreeBSD.ORG>;
	Tue, 18 Jul 2006 12:31:42 +0000 (GMT)
	(envelope-from clemun@gmail.com)
Received: from [192.168.2.5] (pouik.clem1.be [192.168.2.5])
	by gruik.clem1.be (8.13.5.20060308/8.13.4) with ESMTP id k6ICW8L9020328
	for <freebsd-security@FreeBSD.ORG>;
	Tue, 18 Jul 2006 14:32:08 +0200 (CEST)
Message-ID: <44BCD4E9.404@gmail.com>
Date: Tue, 18 Jul 2006 14:32:41 +0200
From: =?ISO-8859-1?Q?Cl=E9ment_Lecigne?= <clemun@gmail.com>
User-Agent: Thunderbird 1.5.0.2 (X11/20060420)
MIME-Version: 1.0
To: freebsd-security@FreeBSD.ORG
References: <200607181158.k6IBwsZJ099625@lurza.secnetix.de>
In-Reply-To: <200607181158.k6IBwsZJ099625@lurza.secnetix.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Re: Vulnerability in vixie cron?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jul 2006 12:31:43 -0000

Hi,


Oliver Fromme wrote:
> Hi,
>
> (...)
>
> Any information would be appreciated.
>   

This issue was already discussed few weeks ago on this list.

http://lists.freebsd.org/pipermail/freebsd-hackers/2006-June/016729.html

In default configuration, this issue is not exploitable because a call 
to setuid(2) could fail only for non-root user. Anyway setuid(2) return 
value must be always checked and I guess this issue was fixed in HEAD 
and probably in RELENG_6 ?

Sincerely,
    Clem