Re: m4 format string vulnerability

2001-02-05 Thread Valentin Nechayev
> > confirmed for red hat linux 7.0:
> >
> > [kerouac:mg:~]m4 -G %x

All folks test it with -G, but it is not really needed. FreeBSD ports:

netch@iv:~>gm4 -G %x
gm4: bfbffb8c: No such file or directory
netch@iv:~>gm4 %x
gm4: bfbffb8c: No such file or directory
netch@iv:~>gm4 %d
gm4: -1077937268: No

Re: vixie cron possible local root compromise

2001-02-12 Thread Valentin Nechayev
Sun, Feb 11, 2001 at 00:38:02, achter05 (Flatline) wrote about "vixie cron possible local root compromise": > 146c146 > < strcpy(User, pw->pw_name); > --- > > strncpy(User, pw->pw_name, MAX_UNAME - 1); > > Or simply remove the setuid bit on /usr/bin/crontab until a vendor patch > h
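Review bot: the replacement line strncpy(User, pw->pw_name, MAX_UNAME - 1) does not write a terminating NUL when pw_name is MAX_UNAME - 1 bytes or longer, so User is only a valid string if the buffer was already zero-filled, which the hunk does not show. Assuming User is MAX_UNAME bytes, set User[MAX_UNAME - 1] = '\0' right after the copy. Better still, have crontab reject an over-long pw_name with an error rather than truncate it silently, since later code would then act on a user name that differs from the one in the passwd entry.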

Re: Vixie Cron version 3.0pl1 vulnerable to root exploit

1999-09-03 Thread Valentin Nechayev
Martin Schulze <[EMAIL PROTECTED]> wrote:
> Red Hat has recently released a Security Advisory (RHSA-1999:030-01)
> covering a reverse denial of service bug in the vixie cron package.
> As user you could restart sendmail even if the host should not receive
> mail through the SMTP port.
>
> Further

Re: Root shell vixie cron exploit

1999-09-09 Thread Valentin Nechayev
ective uid to real uid via drop_privileges()). We really use sendmail with alternative configuration files in technology. Therefore, MZ is right...

--
Valentin Nechayev
[EMAIL PROTECTED]
II:LDXIII/DCCCLXXIII.CCC