1 |
On Wed, Oct 27, 2010 at 08:33:56PM +0200, Volker Armin Hemmann wrote: |
2 |
> please show me some enterprise distros incorporating that patch. |
3 |
|
4 |
I didn't test that patch; even if it's incorrect, bugreport is not about |
5 |
a patch. It's about a security issue. |
6 |
|
7 |
For example, look here: |
8 |
http://seclists.org/fulldisclosure/2010/Oct/344 |
9 |
|
10 |
This proof-of-concept exploit still works in gentoo (amd64 stable at least, |
11 |
even hardened!), because some dangerous variables are not filtered out. |
12 |
|
13 |
(note if you want to test it: vixie-cron won't execute created file |
14 |
because it's not executable. Either use another crond, or use exploit to |
15 |
create e.g. udev rule instead of crontab entry). |
16 |
|
17 |
|
18 |
Another similar vulunerability caused by not filtering some variables was |
19 |
found about a week ago. I don't know if it still works in Gentoo, because |
20 |
hardened is not affected by that one. |
21 |
http://seclists.org/fulldisclosure/2010/Oct/257 |