Updated: 2003-01-19 05:50

Buffer over-run bug

CIAC Security Bulletin H-17 [BROKEN LINK in 2008]

1. Command line buffer overrun

Due to insufficient bounds checking on arguments which are supplied by users, it is possible to overwrite the internal stack space of the crontab program while it is executing. By supplying a carefully designed argument to the crontab program, intruders may be able to force crontab to execute arbitrary commands. As crontab is setuid root, this may allow intruders to run arbitrary commands with root privileges.
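The missing bounds check described above, as an added C example (not crontab's actual source, which this page does not include): the unchecked copy pattern is shown in a comment, followed by a checked copy that rejects over-long arguments. The names `copy_arg_checked` and `ARG_BUF_SIZE`, and the 64-byte buffer size, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARG_BUF_SIZE 64   /* assumed size; the page does not give crontab's real buffer size */

/*
 * The unsafe pattern behind this class of bug:
 *     char name[ARG_BUF_SIZE];
 *     strcpy(name, argv[1]);    (no length check: a long argument overruns the stack buffer)
 *
 * Checked copy: returns 0 on success, -1 if src is NULL or does not fit
 * in dst together with its terminating NUL. The argument is rejected
 * rather than truncated, because a setuid program that silently shortens
 * a file name may end up acting on a different file.
 */
int copy_arg_checked(char *dst, size_t dstsz, const char *src)
{
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';                      /* dst is always a valid string on return */
    if (src == NULL)
        return -1;
    for (len = 0; len < dstsz && src[len] != '\0'; len++)
        ;                               /* measure src, looking at no more than dstsz bytes */
    if (len == dstsz)
        return -1;                      /* no room left for the terminating NUL */
    memcpy(dst, src, len + 1);          /* len + 1 <= dstsz, so this cannot overrun dst */
    return 0;
}

int main(int argc, char **argv)
{
    char name[ARG_BUF_SIZE];

    /* Validate the user-supplied argument before any privileged work is done. */
    if (argc != 2 || copy_arg_checked(name, sizeof name, argv[1]) != 0) {
        fprintf(stderr, "usage: %s file (name must be shorter than %d bytes)\n",
                argc > 0 ? argv[0] : "prog", ARG_BUF_SIZE);
        return 1;
    }
    printf("accepted argument: %s\n", name);
    return 0;
}
```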

The CIAC site is down. As an alternative, search for "buffer" here: Incident Management

Web Author: Ian! D. Allen idallen@idallen.ca


This work is licensed under a Creative Commons License.