Sun, Feb 11, 2001 at 00:38:02, achter05 (Flatline) wrote about "vixie cron possible
local root compromise":
146c146
strcpy(User, pw-pw_name);
---
strncpy(User, pw-pw_name, MAX_UNAME - 1);
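Review bot: the replacement strncpy line bounds the copy at MAX_UNAME - 1 but never terminates the result. When the name is MAX_UNAME - 1 bytes or longer, strncpy writes no NUL, so unless User is already zero-filled (not visible in this hunk) the buffer is left unterminated. Add User[MAX_UNAME - 1] = '\0' straight after the copy, assuming User is MAX_UNAME bytes as the bound implies. The copy also truncates silently, and a setuid crontab that carries on under a shortened user name is a problem of its own. Comparing strlen of the name against MAX_UNAME and exiting with an error when it does not fit would be the safer change.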
Or simply remove the setuid bit on /usr/bin/crontab until a vendor patch has been
confirmed for Red Hat Linux 7.0:
[kerouac:mg:~]m4 -G %x
All folks test it with -G, but it is not really needed.
FreeBSD ports:
netch@iv:~gm4 -G %x
gm4: bfbffb8c: No such file or directory
netch@iv:~gm4 %x
gm4: bfbffb8c: No such file or directory
netch@iv:~gm4 %d
gm4: -1077937268: No such
Martin Schulze wrote:
Red Hat has recently released a Security Advisory (RHSA-1999:030-01)
covering a reverse denial of service bug in the vixie cron package.
As a user you could restart sendmail even if the host should not receive
mail through the SMTP port.
Further