I just cannot believe this. I just tested an old Vixie cron exploit
against crontab. It was a classic buffer overflow attack. I have a RH6.2
WITH UPDATES. It worked. This exploit is almost over a year old.

Its standard permissions are: -rwsr-xr-x

My advice, change the permissions on /usr/bin/crontab.

chmod 700 /usr/bin/crontab

or 

chmod 4722 /usr/bin/crontab

These permissions are more of a reminder that it should be a suid program
when you feel like permitting everyone to use crontab again.
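
As an added example (not part of the original post): a small POSIX shell helper that decodes the stock mode and the two suggested modes, reporting the setuid bit and the widest class allowed to execute or write the file. The names `widest`, `mode_flags` and `audit_file` are hypothetical, and `audit_file` assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example (not from the original post): decode an octal file mode and
# report the setuid bit plus the widest class that may execute / write it.

# widest MODE BIT: prints all|group|owner|none.
# $1 = mode as an integer, $2 = bit within one class (1 = execute, 2 = write)
widest() {
    if   [ $(( $1 & $2 )) -ne 0 ];        then echo all
    elif [ $(( $1 & ($2 << 3) )) -ne 0 ]; then echo group
    elif [ $(( $1 & ($2 << 6) )) -ne 0 ]; then echo owner
    else echo none
    fi
}

# mode_flags OCTAL_MODE, e.g. mode_flags 4755
mode_flags() {
    m=$((0$1))                      # leading 0 makes the shell parse octal
    if [ $(( m & 04000 )) -ne 0 ]; then suid=yes; else suid=no; fi
    printf 'setuid=%s exec=%s write=%s\n' \
        "$suid" "$(widest "$m" 1)" "$(widest "$m" 2)"
}

# audit_file PATH: same report for a file on disk.
# Assumption: GNU coreutils stat, where -c '%a' prints the octal mode.
audit_file() {
    mode_flags "$(stat -c '%a' "$1")"
}

# The stock mode from the post (-rwsr-xr-x = 4755) and the two suggested ones.
for mode in 4755 700 4722; do
    printf '%-5s %s\n' "$mode" "$(mode_flags "$mode")"
done
```

On a live system, `audit_file /usr/bin/crontab` gives the same report for the installed binary.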

