Gentoo: GLSA-202103-09 Critical: Vixie Cron Security Flaw
gentoo
June 9, 2006
Vixie Cron allows local users to execute programs as root.
Summary
Gentoo Linux Security Advisory GLSA 200606-07
https://security.gentoo.org/
Severity: High
Title: Vixie Cron: Privilege Escalation
Date: June 09, 2006
Bugs: #134194
ID: 200606-07
Synopsis
=======
Vixie Cron allows local users to execute programs as root.
Background
=========
Vixie Cron is a command scheduler with extended syntax over cron.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-process/vixie-cron < 4.1-r9 >= 4.1-r9
==========
Roman Veretelnikov discovered that Vixie Cron fails to properly check
whether it can drop privileges accordingly if setuid() in do_command.c
fails due to a user exceeding assigned resource limits.
Impact
=====
Local users can e...
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!