Date: Fri, 17 Nov 2000 18:12:13 +0100 From: Michal Zalewski <lcamtuf@TPI.PL> Subject: Re: vixie cron... To: BUGTRAQ@SECURITYFOCUS.COM In order to summarize the responses I've received: Vulnerable: - Debian 2.2 is vulnerable; this exploit might need slight modifications in order to work properly (eg. /var/spool/cron/crontabs, which is 0755 as well, has to be used instead of /var/spool/cron) - systems where vixie-cron has been installed manually seems to be vulnerable (this will include Solaris etc - but this exploit won't work or will require some modifications); well, general conditions are: o+x on /var/spool/cron and setuid vixie crontab. - I still have no informations about other non RH-derived distributions and other systems shipping vixie-cron, but I would suspect at least part of them (if you have something to add, feel free to mail me), Not vulnerable: - most of RedHat-derived systems are not vulnerable (this includes Mandrake, Cobalt Linux and *probably* Corel Linux); Trustix is not vulnerable, - Slackware is not using vixie-cron, of course (but have dangerous permissions, if you have replaced default cron with vixie, expect problems), - FreeBSD seems to be not vulnerable (other permissions). That's it for now. I would like to thanks all the people who replied to my mail - Dmitry Alyabyev, Mariusz Woloszyn, Ethan Benson, Oystein Viggen, Szilveszter Adam, dbaseiv, Simple Nomad and Daniel Jacobowitz :) _______________________________________________________ Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security] [http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=