1st Jan 1996 [SBWID-228]
COMMAND
	    cron(8)/crontab(1)
SYSTEMS AFFECTED
	    All platforms running FreeBSD 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6,
	    2.1.6.1 and 2.2.
	    All platforms running RedHat Linux version 4.0.
	    All releases of NetBSD up to and including 1.2.
PROBLEM
	    Two unrelated vulnerabilities are known to exist in some versions
	    of the cron package.
	    1.  Command line buffer overrun
		Due to insufficient bounds checking on arguments which are
		supplied by users, it is possible to overwrite the internal
		stack space of the crontab program while it is executing. By
		supplying a carefully designed argument to the crontab
		program, intruders may be able to force crontab to execute
		arbitrary commands. As crontab is setuid root, this may
		allow intruders to run arbitrary commands with root
		privileges.
	    2.  Reading environment buffer overrun
		A similar vulnerability exists in the library routine used to
		load environment variables.  This vulnerable routine is used
		in both cron and crontab.  Due to insufficient bounds
		checking, it may be possible for intruders to manipulate cron
		or crontab into executing arbitrary commands with root
		privileges.
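	    As an added illustration (not code from this advisory or from the
	    Vixie cron package), a hypothetical environment-line loader in the
	    unbounded shape described under item 2, beside a bounded version
	    that rejects over-long or malformed lines. Buffer sizes and function
	    names are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size buffers standing in for those the advisory says
 * the environment loader overruns; sizes are illustrative, not Vixie's. */
#define MAX_ENVSTR 64
#define MAX_NAME   16

/* The pattern the advisory describes: a NAME=value line from a crontab is
 * copied into a fixed buffer with no length check, so a longer line
 * overruns the stack. Shown only for contrast; never called below. */
void load_env_unsafe(const char *line, char *name_out, char *value_out)
{
    char buf[MAX_ENVSTR];
    strcpy(buf, line);                        /* unbounded copy */
    char *eq = strchr(buf, '=');
    if (eq) { *eq = '\0'; strcpy(name_out, buf); strcpy(value_out, eq + 1); }
}

/* Hardened variant: every copy is bounded by its destination and an
 * over-long or malformed line is rejected. Returns 0 on success, -1 otherwise. */
int load_env_safe(const char *line, char *name_out, size_t name_sz,
                  char *value_out, size_t value_sz)
{
    size_t len = 0;
    while (len < MAX_ENVSTR && line[len] != '\0') len++;
    if (len >= MAX_ENVSTR)                    /* no terminator within limit */
        return -1;
    const char *eq = strchr(line, '=');
    if (eq == NULL || eq == line)             /* need a NAME and an '=' */
        return -1;
    size_t nlen = (size_t)(eq - line);
    size_t vlen = len - nlen - 1;
    if (nlen >= name_sz || vlen >= value_sz)  /* leave room for the NUL */
        return -1;
    memcpy(name_out, line, nlen);    name_out[nlen] = '\0';
    memcpy(value_out, eq + 1, vlen); value_out[vlen] = '\0';
    return 0;
}

int main(void)
{   /* Constructed inputs: a normal line and one padded past MAX_ENVSTR. */
    char name[MAX_NAME], value[MAX_ENVSTR], big[MAX_ENVSTR + 32];
    memset(big, 'A', sizeof big - 1); big[sizeof big - 1] = '\0';
    printf("ok: %d  big: %d\n",
           load_env_safe("MAILTO=ops@example.invalid", name, sizeof name, value, sizeof value),
           load_env_safe(big, name, sizeof name, value, sizeof value));
    return 0;
}
```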
	    Both of these vulnerabilities are known to be present in the Vixie
	    cron package, up to and including version 3.0. This package is
	    installed by default under some versions of Unix. The Vixie cron
	    package may have also been installed as third party software by
	    sites. To check whether an installed crontab binary is derived from
	    Vixie cron, look for its identification strings:
	
		# strings /usr/bin/crontab | grep -i vix
	
	    Sites which have versions based on Vixie cron should consider
	    themselves vulnerable. Exploit information involving these
	    vulnerabilities can be found on this page under crontab #2 bug.
SOLUTION
	    Remove the setuid bit and non-root execute permissions from
	    crontab, and check the existing crontab files. For example:
	
		# ls -l /usr/bin/crontab
		-r-sr-xr-x   1 root     bin    20480 Jun 10  1996 /usr/bin/crontab
		# chmod 500 /usr/bin/crontab
		# ls -l /usr/bin/crontab
		-r-x------   1 root     bin    20480 Jun 10  1996 /usr/bin/crontab
	
	    You may also restrict crontab access to members of a trusted group
	    instead of removing it for all users:
	
	       # chgrp trusted /usr/bin/crontab
	       # chmod 4750 /usr/bin/crontab
	       # ls -l /usr/bin/crontab
	       -rwsr-x---   1 root    trusted   20480 Jun 10  1996 /usr/bin/crontab
	