Re: crontab from vixie-cron allows read other users crontabs

To: Karol Więsek <appelast@xxxxxxxxxxxxxxxx>
Subject: Re: crontab from vixie-cron allows read other users crontabs
From: Gadi Evron <ge@xxxxxxxxxxxx>
Date: Thu, 07 Apr 2005 00:24:44 +0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <4253B350.8000903@xxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <4253B350.8000903@xxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

Karol Więsek wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Name:                   vixie-cron


[snip]

Details:

Insufficient checks allows user to change during edition regular file to
symbolic link to any file. While copying crontab uses root permisions,
but also checks entrys, so attacker is only able to read properly
formated crontab files (another users crontabs).


[snip]

It should be noted that this is redhat specific, not in "vixie-cron".

*sniff*

        Gadi.

References:
- crontab from vixie-cron allows read other users crontabs
  - From: Karol Więsek

Prev by Date: Re: crontab from vixie-cron allows read other users crontabs
Next by Date: iDEFENSE Security Advisory 04.07.05: SGI IRIX gr_osview Information Disclosure Vulnerability
Previous by thread: Re: crontab from vixie-cron allows read other users crontabs
Next by thread: [ GLSA 200504-05 ] Gaim: Denial of Service issues
Index(es):
- Date
- Thread