Debian: DSA-024-1 Critical: Cron Local Issue with Insecure Handling
debian
January 27, 2001
Local insecure crontab handling vulnerability exists in previous versions.
Topics Covered
Summary
Package : cron
Vulnerability : local insecure crontab handling
Debian-specific: no
The FreeBSD team has found a bug in the way new crontabs were handled
which allowed malicious users to display arbitrary crontab files on
the local system. This only affects valid crontab files so can't be
used to get access to /etc/shadow or something. crontab files are not
especially secure anyway, as there are other ways they can leak. No
passwords or similar sensitive data should be in there.
We recommend you upgrade your cron packages.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
architectures.
Source archives:
MD5 checksum: 4c64aece846f8483daf440f8e3dd210f
MD5 checksum: c67b27e4ebf1c87abd244dea3a8765d4
MD5 ch...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!