Vulnerability in vixie cron?

Oliver Fromme olli at lurza.secnetix.de
Tue Jul 18 11:59:05 UTC 2006


Hi,

Recently there have been advisories and patches for
SuSE and RedHat (and probably a few others) regarding
a vulnerability in Vixie Cron.  The details say that
there's insufficient checking of the return value of
setuid, which can lead to privilege escalation and
lets users run cron jobs with root privileges.

As far as I know, FreeBSD also uses Vixie Cron (at least
the cron(8) manpage says so).  However, I haven't seen
any FreeBSD advisory regarding this, so I wonder if
FreeBSD's cron isn't affected for some reason?

Any information would be appreciated.

Best regards
   Oliver

PS:  Here's the description of the RedHat advisory:
http://rhn.redhat.com/errata/RHSA-2006-0539.html

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

(On the statement print "42 monkeys" + "1 snake":)  By the way,
both perl and Python get this wrong.  Perl gives 43 and Python
gives "42 monkeys1 snake", when the answer is clearly "41 monkeys
and 1 fat snake".        -- Jim Fulton
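
The class of bug described in the message above (a setuid() return value that is not checked before a job runs), shown next to a checked version. This is an added example, not part of the original post and not taken from Vixie Cron's source. The names drop_unchecked, drop_checked, setuid_fn and failing_setuid are hypothetical, and the failing stub is constructed so the failure path runs without root.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook so a failing setuid() can be simulated without root;
 * real code would call setuid() directly. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stub: behaves like a setuid() call that fails with EAGAIN. */
static int failing_setuid(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Unchecked pattern: the return value is ignored.
 * Returns 1 if the caller would go on to run the job, 0 otherwise. */
static int drop_unchecked(setuid_fn do_setuid, uid_t uid)
{
    do_setuid(uid);   /* a failure here goes unnoticed */
    return 1;         /* job runs under whatever uid is still in effect */
}

/* Checked pattern: run the job only if the drop succeeded and is verified. */
static int drop_checked(setuid_fn do_setuid, uid_t uid)
{
    if (do_setuid(uid) != 0) {
        fprintf(stderr, "setuid(%ld): %s\n", (long)uid, strerror(errno));
        return 0;
    }
    if (getuid() != uid || geteuid() != uid) {
        fprintf(stderr, "uid mismatch after setuid\n");
        return 0;
    }
    return 1;
}

int main(void)
{
    uid_t me = getuid();   /* own uid, so the real call succeeds unprivileged */
    printf("unchecked, setuid fails: run=%d\n", drop_unchecked(failing_setuid, me));
    printf("checked,   setuid fails: run=%d\n", drop_checked(failing_setuid, me));
    printf("checked,   setuid works: run=%d\n", drop_checked(setuid, me));
    return 0;
}
```

In a daemon running as root, the unchecked path is the one that leaves the job executing with root's uid when the drop fails; the checked path treats any failure as a reason not to run the job.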

