Debian sigurnosni naputak
cron -- Prisvajanje roota preko crona.
- Datum prijave:
- 30. 08. 1999.
- Zahvaćeni paketi:
- cron
- Ranjiv:
- Da
- Reference na baze podataka o sigurnosti:
- U Mitreovom CVE rječniku: CVE-1999-0769.
- Više informacija:
- cron šalje poštu kao root bez provjeravanja parametara danih sendmailu. To može voditi kompromitiranju roota. Preporučamo hitno nadograđivanje paketa cron.
- Riješeno u:
-
- Izvorni kôd:
- http://security.debian.org/dists/slink/updates/source/cron_3.0pl1-50.2.diff.gz
- http://security.debian.org/dists/slink/updates/source/cron_3.0pl1-50.2.dsc
- http://security.debian.org/dists/slink/updates/source/cron_3.0pl1.orig.tar.gz
- alpha:
- http://security.debian.org/dists/slink/updates/binary-alpha/cron_3.0pl1-50.2_alpha.deb
- i386:
- http://security.debian.org/dists/slink/updates/binary-i386/cron_3.0pl1-50.2_i386.deb
- m68k:
- http://security.debian.org/dists/slink/updates/binary-m68k/cron_3.0pl1-50.2_m68k.deb
- sparc:
- http://security.debian.org/dists/slink/updates/binary-sparc/cron_3.0pl1-50.2_sparc.deb