Oliver Fromme <[EMAIL PROTECTED]> writes: > Recently there have been advisories and patches for > SuSE and RedHat (and probably a few others) regarding > a vulnerability in Vixie Cron. The details say that > there's insufficient checking of the return value of > setuid, which can lead to priviledge escalation and > lets users run cron jobs with root priviledges. > > As far as I know, FreBSD also uses Vixie Cron (at least > the cron(8) manpage says so). However, I haven't seen > any FreeBSD advisory regarding this, so I wonder if > FreeBSD's cron isn't affected for some reason? > > Any information would be appreciated.
It looks to me like this wasn't exploitable in a default configuration anyway, but it was fixed on 1 June in HEAD and on 1 July in RELENG_6. http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/cron/cron/do_command.c _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
