edit others user crontab, security bug

Andrii Kuzik akuzik at gmail.com
Thu Sep 1 12:47:29 UTC 2016

Probably a lot of freebsd servers affected

Security bug allows to edit other users crontab

root# pw useradd -n www.promspecbud.com  -g nobody -s /bin/sh -d /tmp
root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -d /tmp
root# echo @daily doit baby > /tmp/test
root# crontab -u www.promspecbud.com.other /tmp/test
root# crontab -u www.promspecbud.com -l

=====output =====
@daily doit baby

root#echo @daily doit baby one more time>> /tmp/test
root#sudo -u www.promspecbud.com.other crontab /tmp/test
root#sudo -u www.promspecbud.com crontab -l
=====output =====
@daily doit baby
@daily doit baby one more time

root# uname -a
FreeBSD kuzik 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25
02:10:02 UTC 2016
root at releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64

best regards, Andrii Kuzik

More information about the freebsd-security mailing list