Archive of FreeBSD Security general posting, FreeBSD Security Advisory: FreeBSD-SA-01:09.crontab [REVISED]

26/01/01, FreeBSD Security Advisory: FreeBSD-SA-01:09.crontab [REVISED]
From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Subject: FreeBSD Security Advisory: FreeBSD-SA-01:09.crontab [REVISED]
From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
Date: Thu, 25 Jan 2001 13:01:37 -0800 (PST)
Mail-from: From owner-freebsd-security-notifications@FreeBSD.ORG Fri Jan 26 04:02:51 2001
Reply-To: postmaster@FreeBSD.ORG
Sender: owner-freebsd-security-notifications@FreeBSD.ORG

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:09                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:		crontab allows users to read certain files [REVISED]

Category:	core
Module:		crontab
Announced:	2001-01-23
Revised:	2001-01-25
Credits:	Kyong-won Cho <dubhe@HACKERSLAB.COM>
		Patch obtained from OpenBSD (Todd Miller <millert@openbsd.org>)
Affects:	FreeBSD 3.x (all releases), 4.x (all releases prior to 4.2)
                FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the
                correction date.
Corrected:	2000-11-11 (FreeBSD 4.1.1-STABLE)
		2000-11-20 (FreeBSD 3.5.1-STABLE)
FreeBSD only:	No

0.   Revision History

v1.0  2001-01-23  Initial release
v1.1  2001-01-25  Update to credit OpenBSD as source of patch

I.   Background

crontab(8) is a program to edit crontab(5) files for use by the cron
daemon, which schedules jobs to run at specified times.

II.  Problem Description

crontab(8) was discovered to contain a vulnerability that may allow
local users to read any file on the system that conform to a valid
crontab(5) file syntax.  Due to crontab(5) syntax requirements, the
files that may be read is limited and subject to the following
restrictions:

* The file is a valid crontab(5) file, or:
* The file is entirely commented out; every line contains either only
  whitespace, or begins with a '#' character.

The greatest security vulnerability is the disclosure of crontab
entries owned by other users, which may contain sensitive data such as
keying material (although this would often be publically disclosed
anyway at the time when the crontab job executes, via process
arguments and environment, etc).

All released versions of FreeBSD prior to the correction date
including FreeBSD 4.1.1 are vulnerable to this problem.  The problem
was corrected prior to the release of FreeBSD 4.2.

III. Impact

Malicious local users can read arbitrary local files that conform to
a valid crontab file syntax.

IV.  Workaround

One of the following:

1) Utilize crontab allow/deny files (/var/cron/allow and
/var/cron/deny) to limit access to use the crontab(8) utility.

2) Remove the setuid privileges from /usr/sbin/crontab.  However, this
will not allow users other than root to use cron.

V.   Solution

One of the following:

Upgrade the vulnerable FreeBSD system to 3.5-STABLE or 4.1.1-STABLE
after the correction date.

To patch your present system: download the relavent patch from the
below location and execute the following commands as root:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch.asc

Verify the detached PGP signature using your PGP utility.

# cd /usr/src/usr.sbin/cron/crontab
# patch -p < /path/to/patch
# make depend && make all install
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBOnCTnVUuHi5z0oilAQGinAP8DtcJTo/0t/ajgbhccOSGMm9DHCN+jsou
Nw+3rH07ImrSgeIyINi8d2J+tPL2eakesXm2yKOniuS25PoJN/GuzMC9Qvfybkvg
cmKz3f4Fbzu9auWUUx2c+7GZargpGPRjxuNt86RucYswWjTT96MLs0ORGo9hZbXr
F0kM+1EZoTg=
=ONjc
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security-notifications" in the body of the message



Previous message sorted by date: FreeBSD Security Advisory: FreeBSD-SA-01:09.crontab
Next message sorted by date: FreeBSD Security Advisory: FreeBSD-SA-01:11.inetd
Previous message sorted by thread: FreeBSD Security Advisory: FreeBSD-SA-01:09.crontab
Next message by thread: FreeBSD Security Advisory: FreeBSD-SA-01:11.inetd
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2002