[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: crontab from vixie-cron allows read other users crontabs

To: Karol Wi?sek <appelast@xxxxxxxxxxxxxxxx>
Subject: Re: crontab from vixie-cron allows read other users crontabs
From: David Malone <dwmalone@xxxxxxxxxxxx>
Date: Wed, 6 Apr 2005 22:31:56 +0100

On Wed, Apr 06, 2005 at 12:00:48PM +0200, Karol Wi?sek wrote:
> Details:
> 
> Insufficient checks allows user to change during edition regular file to
> symbolic link to any file. While copying crontab uses root permisions,
> but also checks entrys, so attacker is only able to read properly
> formated crontab files (another users crontabs).

Is this not the same bug as:

        http://cert.uni-stuttgart.de/archive/bugtraq/2000/10/msg00326.html

which was fixed in a number of OSs at the time? For example on
FreeBSD you get an error that crontabs should be edited in place.

        David.

22:23:kac 18% setenv EDITOR /tmp/c
22:23:kac 19% crontab -e
/tmp/crontab.nW9oUGhN18
$ unlink /tmp/crontab.nW9oUGhN18
$ ln -s /var/cron/tabs/root
$ set -E
$ ln -s /var/cron/tabs/root /tmp/crontab.nW9oUGhN18
$ exit
crontab: temp file must be edited in place
22:24:kac 20% uname 
FreeBSD

References:
- crontab from vixie-cron allows read other users crontabs
  - From: Karol Więsek

Prev by Date: [SIG^2 G-TEC] SurgeFTP LEAK Command Denial-Of-Service Vulnerability
Next by Date: Re: crontab from vixie-cron allows read other users crontabs
Previous by thread: Re: crontab from vixie-cron allows read other users crontabs
Next by thread: Re: crontab from vixie-cron allows read other users crontabs
Index(es):
- Date
- Thread