COMMAND

    Vixie Cron

SYSTEMS AFFECTED

    Systems running vixie cron pre-3.0 PL 1. Some Linux and BSD boxes?

PROBLEM

    There seems  to be  a number  of holes  in vixie  cron. One such a
    whole  in   an  older   version   was   to  do   something   like:
    "MAILTO="whatever;  /bin/cp  /bin/sh  /tmp;  chmod  4777  /tmp/sh"
    This  one  seams  to  have  been  fixed  but  a new one intruduced
    while  fixing  it.  Something  to  do  with  a temporary file that
    you  could  predict  an  thus  link  to  /etc/passwd  or  somesuch
    thing. Try:

        # crontab -r /etc/master.passwd
        # crontab -l

SOLUTION

    Upgrade to the latest version.  To dissable the -r bug  remove the
    suid bit.