Previously Kris Kennaway wrote:
I think this is a Linux-specific enhancement to vixie cron; nothing
remotely similar to the affected code seems to be in the FreeBSD
version, and I thought we were using the most recent vendor version.
As the Debian advisory mentioned, this was the result of a
FYI
The exploit failed for:
Redhat 6.1
vixie-cron-3.0.1-39
Redhat 6.2
vixie-cron-3.0.1-40
Regards,
Edwin
Cade Cairns wrote:
Greetings Bugtraqers,
Attached is a simple proof of concept for the vixie cron vulnerability
recently published in Debian Security Advisory DSA-054-1
