Red Hat Security Advisory: Buffer overflow in cron daemon
Aug 26, 1999, 04:45 UTC

"By creating a crontab that runs with a specially formatted 'MAILTO' environment variable, it is possible for local users to overflow a fixed-length buffer in the cron daemon's cron_popen() function. Since the cron daemon runs as root, it would be theoretically possible for local users to use this buffer overflow to gain root privilege."

Date: Wed, 25 Aug 1999 21:17:20 -0400
From: Bill Nottingham @redhat.com
To: redhat-watch-list@redhat.com



Red Hat, Inc. Security Advisory

Synopsis: Buffer overflow in cron daemon
Advisory ID: RHSA-1999:030-01
Issue date: 1999-08-25
Updated on:
Keywords: vixie-cron crond MAILTO
Cross references:


1. Topic:

A buffer overflow exists in crond, the cron daemon. This could allow local users to gain privilege.

2. Bug IDs fixed (http://developer.redhat.com/bugzilla/):

4706

3. Relevant releases/architectures:

Red Hat Linux 4.2, 5.2, 6.0, all architectures

4. Obsoleted by:

5. Conflicts with:

6. RPMs required:

Red Hat Linux 4.2:

Intel:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/i386/vixie-cron-3.0.1-36.4.2.i386.rpm

Alpha:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/alpha/vixie-cron-3.0.1-36.4.2.alpha.rpm

Sparc:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/sparc/vixie-cron-3.0.1-36.4.2.sparc.rpm

Source packages:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/4.2/SRPMS/vixie-cron-3.0.1-36.4.2.src.rpm

Red Hat Linux 5.2:

Intel:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/i386/vixie-cron-3.0.1-36.5.2.i386.rpm

Alpha:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/alpha/vixie-cron-3.0.1-36.5.2.alpha.rpm

Sparc:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/sparc/vixie-cron-3.0.1-36.5.2.sparc.rpm

Source packages:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/5.2/SRPMS/vixie-cron-3.0.1-36.5.2.src.rpm

Red Hat Linux 6.0:

Intel:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/i386/vixie-cron-3.0.1-37.i386.rpm

Alpha:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/alpha/vixie-cron-3.0.1-37.alpha.rpm

Sparc:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/sparc/vixie-cron-3.0.1-37.sparc.rpm

Source packages:
rpm -Uvh ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/vixie-cron-3.0.1-37.src.rpm

7. Problem description:

By creating a crontab that runs with a specially formatted 'MAILTO' environment variable, it is possible for local users to overflow a fixed-length buffer in the cron daemon's cron_popen() function. Since the cron daemon runs as root, it would be theoretically possible for local users to use this buffer overflow to gain root privilege.

To the best of our knowledge, no known exploits exist at this time.

Also, it was possible to use specially formatted 'MAILTO' environment variables to send commands to sendmail.
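
The two issues described above, as an added illustration in C (this is not the vixie-cron source or Red Hat's patch): the unsafe pattern appears only as a comment, followed by a bounded, validated way to build the mailer command line. The helpers `mailto_is_safe()` and `build_mail_cmd()`, the mailer path and the format string are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAILCMD "/usr/sbin/sendmail" /* assumed mailer path */
#define MAX_CMD 256                  /* fixed-length command buffer */

/* Unsafe pattern (kept as a comment so it is never executed):
 *     char cmd[MAX_CMD];
 *     sprintf(cmd, "%s -odi -oem %s", MAILCMD, mailto);
 * A long MAILTO writes past cmd[]; a MAILTO that starts with '-' or
 * contains spaces becomes extra arguments on the mailer command line. */

/* Hypothetical helper: accept only a single plain recipient token. */
int mailto_is_safe(const char *mailto)
{
    const unsigned char *p;
    if (mailto == NULL || *mailto == '\0' || *mailto == '-')
        return 0;
    for (p = (const unsigned char *)mailto; *p != '\0'; p++)
        if (!isalnum(*p) && strchr("@._+-", *p) == NULL)
            return 0;
    return 1;
}

/* Hypothetical helper: build the command line with an explicit bound.
 * Returns 0 on success, -1 if MAILTO is rejected or would not fit. */
int build_mail_cmd(char *out, size_t outlen, const char *mailto)
{
    int n;
    if (!mailto_is_safe(mailto))
        return -1;
    n = snprintf(out, outlen, "%s -odi -oem %s", MAILCMD, mailto);
    if (n < 0 || (size_t)n >= outlen)
        return -1; /* truncated: refuse rather than run a partial command */
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *samples[] = { "root@localhost", "-v", "user extra" };
    char cmd[MAX_CMD];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %s\n", samples[i],
               build_mail_cmd(cmd, sizeof cmd, samples[i]) == 0 ? cmd : "rejected");
    return 0;
}
```

Passing the recipient as its own `argv` element to `execv()` instead of formatting a command string removes the argument-splitting problem entirely; the length and leading-dash checks are still worth keeping.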

8. Solution:

For each RPM for your particular architecture, run:

rpm -Uvh <filename>

where filename is the name of the RPM.

9. Verification:


These packages are PGP signed by Red Hat Inc. for security. Our key is available at:

http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nopgp <filename>

10. References:


