If you want the code, do not ask; it is readily available in the Bugtraq
archive.
On Wed, 12 Jul 2000, Michael Ghens wrote:
> Date: Wed, 12 Jul 2000 15:40:23 -0700 (PDT)
> From: Michael Ghens <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: security: crontab
>
> I just cannot believe this. I just tested an old Vixie cron exploit
> against crontab. It was a classic buffer overflow attack. I have a RH6.2
> WITH UPDATES. It worked. This exploit is almost over a year old.
>
> Its standard permissions are: -rwsr-xr-x
>
> My advice, change the permissions on /usr/bin/crontab.
>
> chmod 700 /usr/bin/crontab
>
> or
>
> chmod 4722 /usr/bin/crontab
>
> These permissions are more of a reminder that it should be a suid program
> when you feel like permitting everyone to use crontab again.
>
>
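An added example, not part of the original post: a POSIX shell helper that decodes the octal modes named above (4755, which is what `-rwsr-xr-x` corresponds to, plus 700 and 4722) into `ls`-style strings and lists the setuid, write and execute bits each one sets. The function names `mode_to_symbolic` and `mode_findings` are hypothetical.

```shell
#!/bin/sh
# Added example: decode octal file modes (regular file assumed).

# Print the ls-style string for an octal mode, e.g. 4755 -> -rwsr-xr-x
mode_to_symbolic() {
    m=$((0$1))                      # leading 0 makes the shell read it as octal
    out=-
    for sh in 6 3 0; do             # owner, group, other triplets
        bits=$(( (m >> sh) & 7 ))
        r=-; w=-; x=-
        if [ $((bits & 4)) -ne 0 ]; then r=r; fi
        if [ $((bits & 2)) -ne 0 ]; then w=w; fi
        if [ $((bits & 1)) -ne 0 ]; then x=x; fi
        case $sh in                 # setuid, setgid, sticky share the x column
            6) special=$((m & 04000)); on=s; off=S ;;
            3) special=$((m & 02000)); on=s; off=S ;;
            0) special=$((m & 01000)); on=t; off=T ;;
        esac
        if [ "$special" -ne 0 ]; then
            if [ "$x" = x ]; then x=$on; else x=$off; fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# Print the bits an auditor cares about for a root-owned binary.
mode_findings() {
    m=$((0$1)); f=
    if [ $((m & 04000)) -ne 0 ]; then f="$f setuid"; fi
    if [ $((m & 00020)) -ne 0 ]; then f="$f group-writable"; fi
    if [ $((m & 00002)) -ne 0 ]; then f="$f world-writable"; fi
    if [ $((m & 00001)) -ne 0 ]; then f="$f world-exec"; fi
    printf '%s\n' "${f# }"
}

# The three modes that appear in the post.
for mode in 4755 700 4722; do
    printf '%-5s %s  [%s]\n' "$mode" "$(mode_to_symbolic "$mode")" "$(mode_findings "$mode")"
done
```

On a live system with GNU coreutils, the mode to pass in can be read with `stat -c %a /usr/bin/crontab`.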