Just like the recent post to Bugtraq regarding vixie-cron and RH 7.0. crontab does getpwuid() but then stores the name in a 20-byte buffer w/o checking its length. Since crontab is suid root, this could be fun.... [thisnameislongandbreakscrontab@station12 thisnameislongandbreakscrontab]$ crontab Segmentation fault [thisnameislongandbreakscrontab@station12 thisnameislongandbreakscrontab]$ rpm -qf `which crontab` vixie-cron-3.0.1-58 [thisnameislongandbreakscrontab@station12 thisnameislongandbreakscrontab]$
*** This bug has been marked as a duplicate of 27217 ***