CVE

Id
1890  
CVE No.
CVE-2000-0312  
Status
Candidate  
Description
cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron"s fake popen function.  
Phase
Proposed (20010214)  
Votes
ACCEPT(3) Baker, Cole, Collins | MODIFY(1) Frech | REVIEWING(1) Christey  
Comments
Frech> XF:cron-sendmail-root(3335) | Seems like this issue is not just OpenBSD, and is described | differently by other vendors: | SuSE Security Announcement #15 Security hole in cron | http://www.suse.de/de/support/security/suse_security_announce_15.txt | Red Hat, Inc. Security Advisory RHSA-1999:030-02 Buffer overflow in | cron daemon | http://www.redhat.com/support/errata/rh52-errata-general.html#vixie-cron | Caldera Systems, Inc. Security Advisory CSSA-1999-023.0 serious security | problem in cron | http://www.calderasystems.com/support/security/advisories/CSSA-1999-023.0.tx | t | All are dated on or around 1999-08-27 to 1999-08-30. | Also, may overlap with CVE-1999-0769: Vixie Cron on Linux systems allows | local users to set parameters of sendmail commands via the MAILTO | environmental variable. | Christey> See Andre"s comments, but I believe this is different than | CVE-1999-0769. Also consider CVE-1999-0768 and CVE-1999-0872 | (Vixie Cron buffer overflow via MAILTO),  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
6045 1890 CVE-2000-0312 OPENBSD:19990830 In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root.  View

Related JVN