On Tue, May 08, 2001 at 02:01:21PM -0700, Jay D. Dyson wrote:
> On Tue, 8 May 2001, Edwin Chiu wrote:
>
> > The exploit failed for:
> > Redhat 6.1
> > vixie-cron-3.0.1-39
> > Redhat 6.2
> > vixie-cron-3.0.1-40
>
> *nod* I wrote to Cade directly regarding the advisory as it seems
> to me that the issue is more a matter of Debian's implementation of Vixie
> cron than an issue with Vixie cron itself. I'm still futzing with it to
> see if any other implementations will squeal. Fun and interesting results
> will be posted when found. ;)
I think this is a Linux-specific "enhancement" to vixie cron; nothing
remotely similar to the affected code seems to be in the FreeBSD
version, and I thought we were using the most recent vendor version.
Kris
PGP signature
