Date:      Sun, 2 Jan 2000 23:13:55 +0100 (MET)
From:      Ole Pahl <op@pahl.net>
To:        Przemyslaw Frasunek <venglin@FreeBSD.lublin.pl>
Cc:        freebsd-bugs@freebsd.org, bugtraq@securityfocus.com
Subject:   RE: Bug in recent versions of Vixie cron
Message-ID:  <Pine.LNX.4.05.10001022307200.12566-100000@muschel.global-phun.net>
In-Reply-To: <XFMail.000102215935.venglin@FreeBSD.lublin.pl>

On Sun, 2 Jan 2000, Przemyslaw Frasunek wrote:

> > This problem seems to be present in current versions of Vixie cron, e.g.
> > those used in operating systems like FreeBSD 3.4-RC as well as certain
> > Linux distributions such as SuSE Linux 6.2.

> FreeBSD is and was NOT vulnerable to this problem.

The person who tried to reproduce this problem on his FreeBSD machine just
confirmed that he could not pass arbitrary commands to Sendmail using the
MAILTO environment variable. However, Sendmail is still executed as root -
that condition can't be exploited due to proper argument checking, though.

For further replies, please make sure to remove BugTraq from the CC list in
order to keep Aleph1 from being bothered - I think any further discussion
on this issue is not relevant for BugTraq.

Regards,
  Ole Pahl

--
Ole Pahl     <op@pahl.net>      Hamburg  /  Germany       Fon: +49 40 7807 2601
PAHL.NET Network Solutions      Mail: info@pahl.net       Fax: +49 40 7807 2602


