Re: vixie cron... (fwd)

To: An Thi-Nguyen Le <anle@ews.uiuc.edu>, debian-security@lists.debian.org
Subject: Re: vixie cron... (fwd)
From: Ethan Benson <erbenson@alaska.net>
Date: Fri, 17 Nov 2000 06:24:33 -0900
Message-id: <[🔎] 20001117062432.D22105@plato.local.lan>
In-reply-to: <[🔎] 20001117075426.D14610@srh1003>; from anle@ews.uiuc.edu on Fri, Nov 17, 2000 at 07:54:26AM -0600
References: <[🔎] Pine.LNX.4.21.0011171235380.4585-200000@io.88.net> <[🔎] 20001117034619.V5619@plato.local.lan> <[🔎] 20001117075426.D14610@srh1003>

On Fri, Nov 17, 2000 at 07:54:26AM -0600, An Thi-Nguyen Le wrote:
> On Fri, Nov 17, 2000 at 03:46:19AM -0900, Ethan Benson typed:
> } On Fri, Nov 17, 2000 at 12:36:54PM +0000, thomas lakofski wrote:
> } > fyi -- i've not tried it.
> } 
> } i have, it does not work, i tried several different variations and
> } failed to create any files in /var/spool/cron.
> } 
> } i do not believe debian is vulnerable.
> 
> Wrong, we *are* vulnerable.  Take a look /var/spool/cron/crontabs 
> instead.

ah, your right, however this is not exploitable since
/var/spool/cron/crontabs is mode 700.  

still should be fixed though.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpFG2f9XILmO.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: vixie cron... (fwd)
  - From: Daniel Jacobowitz <dan@debian.org>

References:
- vixie cron... (fwd)
  - From: thomas lakofski <thomas@88.net>
- Re: vixie cron... (fwd)
  - From: Ethan Benson <erbenson@alaska.net>
- Re: vixie cron... (fwd)
  - From: An Thi-Nguyen Le <anle@ews.uiuc.edu>

Prev by Date: Re: Bug#77257: FWD: Joe's Own Editor File Link Vulnerability
Next by Date: Re: vixie cron... (fwd)
Previous by thread: Re: vixie cron... (fwd)
Next by thread: Re: vixie cron... (fwd)
Index(es):
- Date
- Thread