
[linux-security] buffer overflow in crontab command



Topic
=====
A buffer overflow in the crontab command could allow certain users to
gain elevated privileges.

Problem description
===================
A buffer overflow existed in the 'crontab' command when it was called
by a user with a username longer than 20 characters. If the
system administrator has created usernames of that length, it
would be possible for those users to gain elevated privileges.

Affected Systems
================
Linux systems using vixie-cron.

Workaround
==========
Do not create usernames longer than 20 characters.
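
Added example (not part of the original advisory): a shell check for the
workaround above that lists accounts in a passwd-format file whose login
name is longer than 20 bytes. The function names and the sample accounts
are constructed for illustration.

```shell
#!/bin/sh
# Audit a passwd-format file for login names longer than the limit
# named in the advisory.

MAX_LEN=20   # "longer than 20 characters", from the advisory text

# long_usernames [FILE]
# Reads FILE (or stdin) and prints "name<TAB>uid<TAB>length" for every
# account whose login name exceeds MAX_LEN. Comment and blank lines are
# skipped. LC_ALL=C makes awk count bytes, which is what a fixed-size
# buffer is measured in. Returns 1 if any such account was found, else 0.
long_usernames() {
    LC_ALL=C awk -F: -v max="$MAX_LEN" '
        /^[ \t]*(#|$)/ { next }
        length($1) > max {
            printf "%s\t%s\t%d\n", $1, $3, length($1)
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample data (not taken from a real system): one name of
# 25 bytes, one of exactly 20 bytes (within the limit), two short names.
sample_passwd() {
    cat <<'EOF'
# constructed sample accounts
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/sh
averyveryverylongusername:x:1001:1001::/home/long:/bin/sh
exactlytwentycharsxx:x:1002:1002::/home/t:/bin/sh
EOF
}

# Audit the file given on the command line, if any (e.g. /etc/passwd).
if [ "$#" -gt 0 ]; then
    long_usernames "$1"
fi
```

On systems that take accounts from a directory service, pipe
`getent passwd` into long_usernames instead of reading /etc/passwd.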

Solution
========
For now, only RedHat has patched its distribution.

RedHat 6.x
----------
rpm -Fvh vixie-cron-3.0.1-40.1.i386.rpm

RedHat 7.0
----------
rpm -Fvh vixie-cron-3.0.1-61.i386.rpm