[tech] cron MAILTO= security hole
David Luyer
luyer at ucs.uwa.edu.au
Mon Aug 30 13:54:16 WST 1999
A temporary patch for the cron MAILTO= security hole has been installed on
mermaid.
(example exploit - MAILTO='-bi -O AliasFile=/etc/shadow' I think, makes a
database /etc/shadow.db mode 644 keys = usernames values = shadow entries;
could also probably be used for arbitrary command execution quite easily)
Source in /usr/local/src/cyllene/main/admin/cron/... as per normal.
David.
More information about the tech
mailing list