[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ALERT - Slackware 3.4 - ALERT



There is an exploit in Slackware 3.4 where *local* users can gain root.
Check it out, I recived this from "Linux Alert" mailing list:
>>>>>>>>>>>>>>>
From: "KSR\[T\]" <ksrt@dec.net>
Subject: [linux-alert] KSR[T] #005: Dillon crontab / crond
Date: Tue, 9 Dec 1997 03:15:45 -0800 (PST)

-----                                                     
KSR[T] Website : http://www.dec.net/ksrt
E-mail: ksrt@dec.net                                      
-----                

                                                          KSR[T]
Advisory #005
                                                          Date:   Dec 
6, 1997
                                                          ID #:  
lin-dcrn-005 

Operating System(s): Slackware 3.4

Affected Program:    dillon crontab / crond ( dcron 2.2 )

Problem Description: The crond that comes with Slackware 3.4 contains
                     a locally exploitable buffer overflow.  When crond
                     attempts to run a particular cronjob, it will take
                     the user specified command line and copy it into
                     an automatic variable via vsprintf().  ( This is
                     done when the function RunJob() calls fdprintf(),
                     in job.c and subs.c respectively. )
               
                     A quick glance shows another potential overflow
                     in subs.c, involving the logging functions.  This
                     is also fixed in the patch below.

Compromise:          Users with an account on the machine can gain 
                     root access.

Patch/Fix:           We would like to thank Erik Schorr for prividing
                     us with this patch:

-- cut here --
 
Slackware 3.4 crond fix
 
/usr/sbin/crond is installed with the bin.tgz package in Slackware 3.4.
 A
patched version of this package is available from the Slackware FTP
site:
 
ftp://ftp.cdrom.com/pub/linux/slackware-3.4/slakware/a2/bin.tgz
 
The source and patch can also be found on the FTP site:
 
ftp://ftp.cdrom.com/pub/linux/slackware-3.4/source/a/bin/dcron22.tar.gz
ftp://ftp.cdrom.com/pub/linux/slackware-3.4/source/a/bin/dcron22.diff.gz
 
MD5 sums for the source, patch, and binary package follow:
 
a76744f19a9361cb5b5d93dcc2bf503f  bin.tgz
9eb478dba39eb8a708dbd6764d6c6ad9  dcron22.tar.gz
c248f7871cf6ba84267cbd90c9c3f084  dcron22.diff.gz
 
-- cut here --

<<<<<<<,

Just wanted you to know... :)

  Miki,