Vixie crontab buffer overflow
| vixie-crontab-bo (6098) |  Medium Risk |
Description:
Vixie crontab is vulnerable to a denial of service attack caused by a buffer overflow in the strcpy function. Due to insufficient bounds checking of the login name in the strcpy function, an attacker can run crontab with a username containing more than 20 characters to overflow the buffer and cause the program to crash.
Consequences:
Denial of Service
Remedy:
For Red Hat Linux 5.2:
Upgrade to the latest version of vixie cron (3.0.1-38.5.2 or later), as listed in RHSA-2001:014-03. See References.
For Red Hat Linux 6.2:
Upgrade to the latest version of vixie cron (3.0.1-40.1 or later), as listed in RHSA-2001:014-03. See References.
For Red Hat Linux 7.0:
Upgrade to the latest version of vixie cron (3.0.1-61 or later), as listed in RHSA-2001:014-03. See References.
For Immunix OS 6.2:
Upgrade to the latest version of vixie cron (3.0.1-40.1 or later), as listed in Immunix OS Security Advisory IMNX-2001-70-003-01. See References.
For Immunix OS 7.0-beta and 7.0:
Upgrade to the latest version of vixie cron (3.0.1-61 or later), as listed in Immunix OS Security Advisory IMNX-2001-70-003-01. See References.
For Linux-Mandrake 6.0, 6.1, 7.0, 7.1, 7.2, Corporate Server 1.0.1:
Upgrade to the latest version of vixie cron (3.0.1-46 or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:022 : vixie-cron. See References.
For HP9000 Series 700/800 running HP-UX 11.00, 11.04, 10.20, 10.24, 10.10, and 10.01:
Apply appropriate patch for your system, as listed in Hewlett-Packard Security Bulletin #0146 (HPSBUX0103-146). See References.
For other distributions:
Contact your vendor for upgrade or patch information.
As a workaround, remove the setuid bit on /user/bin/crontab.
References:
- BugTraq Mailing List, Sat Feb 10 2001 - 17:38:02 CST: vixie cron possible local root compromise.
- CIAC Information Bulletin L-048: Red Hat Linux "vixie-cron buffer overflow username crontab".
- Hewlett-Packard Company Security Bulletin HPSBUX0103-146: Sec. Vulnerability in crontab(1).
- Immunix OS Security Advisory IMNX-2001-70-003-01: vixie-cron. (From Neohapsis archive)
- MandrakeSoft Security Advisory MDKSA-2001:022: vixie-cron.
- CVE-2001-0560: Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
- OSVDB ID: 5583: Vixie Cron Long Username Overflow
- RHSA-2001-014: New vixie-cron packages available
Platforms Affected:
- HP HP-UX 10.01
- HP HP-UX 10.10
- HP HP-UX 10.20
- HP HP-UX 10.24
- HP HP-UX 11.00
- HP HP-UX 11.04
- Immunix Immunix OS 6.2
- Immunix Immunix OS 7.0-beta
- MandrakeSoft Mandrake Linux
- Paul Vixie Vixie Crontab 3.0.1-56
- RedHat Linux 5.2
- RedHat Linux 6.2
- RedHat Linux 7
- RedHat Linux 7.1
- RedHat Linux 7.2
- RedHat Linux 7.3
Reported:
Feb 10, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net