Vulnerability in vixie cron?
- From: Oliver Fromme <olli@xxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Jul 2006 13:58:54 +0200 (CEST)
Recently there have been advisories and patches for
SuSE and RedHat (and probably a few others) regarding
a vulnerability in Vixie Cron. The details say that
there's insufficient checking of the return value of
setuid, which can lead to priviledge escalation and
lets users run cron jobs with root priviledges.
As far as I know, FreBSD also uses Vixie Cron (at least
the cron(8) manpage says so). However, I haven't seen
any FreeBSD advisory regarding this, so I wonder if
FreeBSD's cron isn't affected for some reason?
Any information would be appreciated.
PS: Here's the description of the RedHat advisory:
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.
(On the statement print "42 monkeys" + "1 snake":) By the way,
both perl and Python get this wrong. Perl gives 43 and Python
gives "42 monkeys1 snake", when the answer is clearly "41 monkeys
and 1 fat snake". -- Jim Fulton
freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"