Date: Sun, 02 Jan 2000 12:55:59 -0800 From: Paul A Vixie <vixie@mibh.net> To: Ole Pahl <op@pahl.net> Cc: bugtraq@securityfocus.com, submission@rootshell.com, cert@cert.org, cert@cert.dfn.de, freebsd-bugs@freebsd.org, info@suse.de, isc-info@isc.org Subject: Re: Bug in recent versions of Vixie cron Message-ID: <200001022055.MAA05785@redpaul.mibh.net> In-Reply-To: Your message of "Sun, 02 Jan 2000 21:21:51 %2B0100." <Pine.LNX.4.05.10001022010080.12566-100000@muschel.global-phun.net>
next in thread | previous in thread | raw e-mail | index | archive | help
if your cron source (do_command.c) does not include the function safe_p() then it is vulnerable to this. this hole was fixed in 1996. take a look at isc cron 4.0 beta1, at ftp://ftp.isc.org/isc/cron_4.0_b1.shar. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001022055.MAA05785>