Crontab File Disclosure Vulnerability
BID:2332
Info
| Bugtraq ID: | 2332 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 23 2001 12:00AM |
| Updated: | Jan 23 2001 12:00AM |
| Credit: | Reported to bugtraq by FreeBSD Security Advisories < [email protected] > on Jan 23, 2001. Kyong-won Cho <[email protected]> is credited with discovery of this vulnerability. |
| Vulnerable: | FreeBSD FreeBSD 4.1.1 -STABLE; FreeBSD FreeBSD 4.1.1 -RELEASE; FreeBSD FreeBSD 4.1.1; FreeBSD FreeBSD 4.1; FreeBSD FreeBSD 4.0 alpha; FreeBSD FreeBSD 4.0; FreeBSD FreeBSD 3.5.1; FreeBSD FreeBSD 3.5; FreeBSD FreeBSD 3.4; FreeBSD FreeBSD 3.3; FreeBSD FreeBSD 3.2; FreeBSD FreeBSD 3.1; FreeBSD FreeBSD 3.0; Debian Linux 2.2; Apple Mac OS X 10.1 |
| Not Vulnerable: | |
Discussion
Versions of cron contain a file disclosure vulnerability. Any local user can read arbitrary files that conform to the crontab format. These include files having lines which are either blank or begin with a '#' character.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
FreeBSD patch obtained from OpenBSD (Todd Miller <[email protected]>)

Debian Linux 2.2
- Debian 2.2 i386 cron_3.0pl1-57.2_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/cron_3.0pl1-57.2_i386.deb

FreeBSD FreeBSD 3.0
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 3.1
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 3.2
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 3.3
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 3.4
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 3.5
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 3.5.1
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 4.0 alpha
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 4.0
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 4.1
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch

FreeBSD FreeBSD 4.1.1
- FreeBSD 4.x crontab-4.x.patch
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch