edit others user crontab, security bug

2016-09-01 Thread Andrii Kuzik
Probably a lot of freebsd servers affected

Security bug allows to edit other users crontab

root# pw useradd -n www.promspecbud.com -g nobody -s /bin/sh -d /tmp
root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -d /tmp
root# echo @daily doit baby > /tmp/test
root# crontab -u www.

Re: edit others user crontab, security bug

2016-09-01 Thread Matt Donovan
So you're doing it as root. Root can do that. As it has access to everything.

On Sep 1, 2016 8:15 AM, "Andrii Kuzik" wrote:
> Probably a lot of freebsd servers affected
>
> Security bug allows to edit other users crontab
>
> root# pw useradd -n www.promspecbud.com -g nobody -s /bin/sh -d /tmp
>

Re: edit others user crontab, security bug

2016-09-01 Thread Edho Arief
Hi,

On Thu, Sep 1, 2016, at 21:47, Andrii Kuzik wrote:
> Probably a lot of freebsd servers affected
>
> Security bug allows to edit other users crontab
>
> root# pw useradd -n www.promspecbud.com -g nobody -s /bin/sh -d /tmp
> root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -

Re: edit others user crontab, security bug

2016-09-01 Thread fwaggle
> root# pw useradd -n www.promspecbud.com -g nobody -s /bin/sh -d /tmp
> root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -d /tmp

I'm really sleepy so this might be wrong or outdated, but aren't/weren't FreeBSD usernames limited to 16 characters? Seems to me this probably relate

Re: edit others user crontab, security bug

2016-09-01 Thread Damian Weber
On Thu, 1 Sep 2016, Edho Arief wrote:

> Date: Thu, 1 Sep 2016 15:43:58
> From: Edho Arief
> To: freebsd-security@freebsd.org
> Subject: Re: edit others user crontab, security bug
>
> Hi,
>
> On Thu, Sep 1, 2016, at 21:47, Andrii Kuzik wrote:
> > Probably a lot of freebsd servers affected
> >

Re: edit others user crontab, security bug

2016-09-01 Thread rollingbits (Lucas)
On Thu, Sep 1, 2016 at 10:37 AM, Matt Donovan wrote:
> On Sep 1, 2016 8:15 AM, "Andrii Kuzik" wrote:
(...)
>> root# crontab -u www.promspecbud.com.other /tmp/test
>> root# crontab -u www.promspecbud.com -l
>
> So you're doing it as root. Root can do that. As it has access to everything.

This ma