Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Apps A-M :: dillon~1.txt

Dillon crontab

Date: Tue, 9 Dec 1997 03:15:45 -0800
From: "KSR[T]" <ksrt@DEC.NET>
Subject: KSR[T] #005: Dillon crontab / crond

KSR[T] Website :

                                                          KSR[T] Advisory #005
                                                          Date:   Dec  6, 1997
                                                          ID #:   lin-dcrn-005

Operating System(s): Slackware 3.4

Affected Program:    dillon crontab / crond ( dcron 2.2 )

Problem Description: The crond that comes with Slackware 3.4 contains
                     a locally exploitable buffer overflow.  When crond
                     attempts to run a particular cronjob, it will take
                     the user specified command line and copy it into
                     an automatic variable via vsprintf().  ( This is
                     done when the function RunJob() calls fdprintf(),
                     in job.c and subs.c respectively. )

                     A quick glance shows another potential overflow
                     in subs.c, involving the logging functions.  This
                     is also fixed in the patch below.

Compromise:          Users with an account on the machine can gain
                     root access.

Patch/Fix:           We would like to thank Erik Schorr for prividing
                     us with this patch:

-- cut here --

Slackware 3.4 crond fix

/usr/sbin/crond is installed with the bin.tgz package in Slackware 3.4.  A
patched version of this package is available from the Slackware FTP site:

The source and patch can also be found on the FTP site:

MD5 sums for the source, patch, and binary package follow:

a76744f19a9361cb5b5d93dcc2bf503f  bin.tgz
9eb478dba39eb8a708dbd6764d6c6ad9  dcron22.tar.gz
c248f7871cf6ba84267cbd90c9c3f084  dcron22.diff.gz

-- cut here --

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH