410 matches found
Проблемы с crontab (symlink)
Проблема символьных линков при использовании crontab -e Можно прочитать любой файл. В FreeBSD - любой начинающийся с символа...
Небольшая дырка в Crontab FreeBSD
Можно открыть любой файл в формает Crontab, в т.ч. расписания других пользователей...
FreeBSD-SA-01:09.crontab
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:09 Security Advisory FreeBSD, Inc. Topic: crontab allows users to read certain files REVISED Category: core Module: crontab Announced: 2001-01-23 Revised: 2001-01-25...
CVE-2000-0972
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates...
CVE-2000-1096
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating...
CVE-2000-0972
HP-UX 11.00 crontab allows local users to read arbitrary files through the -e option by creating a symlink to the target file during the crontab session, then quitting and reading the error messages crontab generates. Affected software: HP-UX 11.00 crontab. Root cause: symlink exposure via cronta...
CVE-2000-1096
The CVE-2000-1096 entry concerns the crontab utility by Paul Vixie, where temporary files are created with predictable names and there is insufficient verification that the file is owned by the user running crontab -e. This enables local users who have write access to the crontab spool directory ...
CVE-2000-1096
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating...
CVE-2000-0972
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates...
PT-2000-1882 · Hewlett Packard · Hp-Ux
Name of the Vulnerable Software and Affected Versions: HP-UX version 11.00 Description: The issue allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab...
vixie-cron - Local Privilege Escalation
vixie-cron - Local Privilege Escalation !/bin/sh echo '.-------------------------------------------------------------------------.' echo '| Marchew Hyperreal Industries ................... |' echo "| ...well, it is just me, but it is more elite to speak as a group... |" echo...
vixie-cron - Local Privilege Escalation
!/bin/sh echo '.-------------------------------------------------------------------------.' echo '| Marchew Hyperreal Industries ................... |' echo "| ...well, it is just me, but it is more elite to speak as a group... |" echo "--------------------------------- presents...
HP-UX 11.0010.20 crontab - Overwrite Files
HP-UX 11.0010.20 crontab - Overwrite Files !/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho [email protected] Usage : ./crontab.sh if -z "$1" then echo "Usage : $0 " exit fi cat /tmp/crontabexp !/bin/sh ln -sf $1 $1 EOF chmod 755 /tmp/crontabexp EDITOR=/tmp/crontabexp export EDITOR crontab -e ...
HP-UX 11.00/10.20 crontab Overwrite Files Exploit
Exploit for hp-ux platform in category dos / poc ================================================= HP-UX 11.00/10.20 crontab Overwrite Files Exploit ================================================= !/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho email protected Usage : ./crontab.sh if -z "$1"...
HP-UX 11.00/10.20 crontab - Overwrite Files
!/bin/sh HP-UX 11.00/10.20 crontab Kyong-won,Cho [email protected] Usage : ./crontab.sh if -z "$1" then echo "Usage : $0 " exit fi cat /tmp/crontabexp !/bin/sh ln -sf $1 $1 EOF chmod 755 /tmp/crontabexp EDITOR=/tmp/crontabexp export EDITOR crontab -e 2 /tmp/crontab$$ grep -v "error on previous...
vixie cron...
Attached shell-script exploits fopen + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable eg. 0755 - AFAIR Debian does so. RedHat at least 6.1 and previous have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its...
Re: [ Hackerslab bug_paper ] HP-UX crontab temporary file symboliclink vulnerability
Hi, Tested on 4.0-RELEASE FreeBSD 4.0-RELEASE 9 4.1-RELEASE FreeBSD 4.1-RELEASE 1: Can read any file wich start with comment simbol $ ls -l /etc/sudoers -r-------- 1 root wheel 313 24 oct 20:20 /etc/sudoers $ id uid=1002alf gid=1002alf groups=1002alf $ crontab -e /tmp/crontab.hLmjTbK417 :!sh Make...
hp-ux.crontab.sh
Hackerslab bugpaper HP-UX crontab temporary file symbolic link vulnerability Attach ====================== crontab.sh ================================ !/bin/sh HP-UX 11.00 crontab Kyong-won,Cho [email protected] Usage : ./crontab.sh if -z "$1" then echo "Usage : $0 " exit fi cat /tmp/crontabex...
[ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
============================================================================ ==== Hackerslab bugpaper HP-UX crontab temporary file symbolic link vulnerability ============================================================================ ==== File : /usr/bin/crontab SYSTEM : HP-UX Tested in HP-UX...
HP-UX 10.2011.0 - crontab tmp File
HP-UX 10.2011.0 - crontab tmp File source: https://www.securityfocus.com/bid/1845/info crontab is a binary in the cron package of the HP-UX cron implementation which allows a user to create a file of scheduled commands. A vulnerabiltiy in crontab exists that allows a user to read any file on an...