OpenBSD Default Crontab root Compromise Vulnerability
Solution:
A CVS fix is available from OpenBSD:
OpenBSD OpenBSD 3.0
OpenBSD OpenBSD 3.0 collect.c CVS Fix
It may be required to upgrade to OpenBSD 3.0 before this patch (from CVS) can be applied. If this is not possible, it is suggested that the cron tasks be disabled.
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/mail/collect.c.diff?r1=1.23&r2=1.24
Copyright 2010, SecurityFocus