COMMAND

    crontab format string vulnerability

SYSTEMS AFFECTED

    SCO/Caldera OpenServer 5.0.6

PROBLEM

    KF [http://www.snosoft.com] found the following, as related in the
    Strategic Reconnaissance Team Security Advisory (SRT2002-06-04-1611).

    The SCO OpenServer crontab application is installed setgid cron and
    can be used to schedule execution of programs and scripts. This
    implementation of crontab contains a format string vulnerability
    which can be used to execute code in order to elevate privileges:

        $ crontab %x%x%x%x
        crontab: cannot open file 8047f08804a5578047cd48047cd4

    Due to the nature of crontab, it is very likely that once 'cron'
    group privileges have been obtained it is possible to get higher
    privileges.

    Impact
    ======

    Local users can elevate their privileges through this vulnerability.

SOLUTION

    The vendor was notified and is diligently working on a fix. Until
    such a fix has been made available, disable crontab or deny access
    from untrusted sources to the affected systems.
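
The bug class behind the output above, as an added example (not code from the advisory or from SCO's crontab source): the hex digits appear because the file name reached a printf-family call as the format string instead of as data. The function names and the `SHOW_VULNERABLE` guard are hypothetical; only the message text and the `%x%x%x%x` argument are taken from the advisory.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical reconstruction of the bug class; not SCO's crontab source. */

#ifdef SHOW_VULNERABLE
/* Vulnerable pattern (not compiled by default): the message, which embeds the
 * user-supplied file name, is passed as the format string, so "%x" in the
 * name is interpreted and prints words from the stack. */
int report_open_failure_vulnerable(char *out, size_t outlen, const char *path)
{
    char msg[256];
    snprintf(msg, sizeof msg, "crontab: cannot open file %s", path);
    return snprintf(out, outlen, msg);            /* BUG: non-literal format */
}
#endif

/* Hardened form: constant format string, file name passed only as data. */
int report_open_failure(char *out, size_t outlen, const char *path)
{
    return snprintf(out, outlen, "crontab: cannot open file %s", path);
}

/* Audit helper: count '%' conversions in an untrusted argument ("%%" is a
 * literal percent sign), e.g. to log suspicious arguments in a wrapper. */
size_t count_conversions(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                                  /* skip literal "%%" */
        else
            n++;
    }
    return n;
}

int main(void)
{
    char buf[128];
    const char *arg = "%x%x%x%x";                 /* argument from the advisory */
    report_open_failure(buf, sizeof buf, arg);
    printf("%s (conversions in argument: %zu)\n", buf, count_conversions(arg));
    return 0;
}
```

Building with GCC's `-Wformat -Wformat-security` flags the non-literal format call when `SHOW_VULNERABLE` is defined.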