RedHat: Moderate: vixie-cron security update

    Date: 17 May 2007
    Category: Red Hat
    Posted By: LinuxSecurity Advisories
    The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs.
    ---------------------------------------------------------------------
                       Red Hat Security Advisory
    
    Synopsis:          Moderate: vixie-cron security update
    Advisory ID:       RHSA-2007:0345-01
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0345.html
    Issue date:        2007-05-17
    Updated on:        2007-05-17
    Product:           Red Hat Enterprise Linux
    CVE Names:         CVE-2007-1856 
    ---------------------------------------------------------------------
    
    1. Summary:
    
    Updated vixie-cron packages that fix a denial of service issue are now
    available.
    
    This update has been rated as having moderate security impact by the Red
    Hat Security Response Team.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Desktop version 3 - i386, x86_64
    Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
    Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
    Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
    Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
    Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
    Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
    Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
    
    3. Problem description:
    
    The vixie-cron package contains the Vixie version of cron. Cron is a
    standard UNIX daemon that runs specified programs at scheduled times.
    
    Raphael Marichez discovered a denial of service bug in the way vixie-cron
    verifies crontab file integrity. A local user with the ability to create a
    hardlink to /etc/crontab can prevent vixie-cron from executing certain
    system cron jobs. (CVE-2007-1856)
    
    All users of vixie-cron should upgrade to these updated packages, which
    contain a backported patch to correct this issue.
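
An added example (not part of the Red Hat advisory): a POSIX shell check that flags system crontab files with more than one hard link, the condition the CVE-2007-1856 entry ties to a failed st_nlink check in cron's database.c. The function names, the ROOT prefix argument and the inclusion of /etc/cron.d are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit system cron tables for extra hard links.
# Assumption: an unpatched vixie-cron skips a table whose link count is not 1.

# audit_cron_links ROOT
#   ROOT is a path prefix: "" for the live system, or a scratch directory.
#   Lists (ls -li: inode, mode, link count, owner, ...) every regular file
#   under ROOT/etc/crontab and ROOT/etc/cron.d that has more than one link.
#   Returns 1 if any such file exists, 0 if all tables are singly linked.
audit_cron_links() {
    root=$1
    status=0
    for path in "$root/etc/crontab" "$root/etc/cron.d"; do
        [ -e "$path" ] || continue
        # -links +1 selects files with more than one directory entry.
        hits=$(find "$path" -type f -links +1 -exec ls -li {} \; 2>/dev/null)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            status=1
        fi
    done
    return "$status"
}

# other_names FILE SEARCHROOT
#   Prints every other path below SEARCHROOT that refers to the same inode
#   as FILE. Hard links cannot cross filesystems, so -xdev keeps the search
#   on the filesystem SEARCHROOT lives on. -samefile is a GNU/BSD find test.
other_names() {
    file=$1
    search=$2
    find "$search" -xdev -samefile "$file" ! -path "$file" 2>/dev/null
}
```

On a live host, run as root with an empty ROOT (`audit_cron_links ""`); a non-zero return means each listed file should be passed to `other_names` to locate the stray link before it is removed.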
    
    4. Solution:
    
    Before applying this update, make sure that all previously-released
    errata relevant to your system have been applied.  
    
    This update is available via Red Hat Network.  Details on how to use 
    the Red Hat Network to apply this update are available at
    http://kbase.redhat.com/faq/FAQ_58_10188
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/):
    
    223662 - crond failed "Days of week" after a few hours on 1st/Jan
    235880 - CVE-2007-1856 crontab denial of service
    
    6. RPMs required:
    
    Red Hat Enterprise Linux AS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/vixie-cron-4.1-19.EL3.src.rpm
    
    Red Hat Desktop version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/vixie-cron-4.1-19.EL3.src.rpm
    
    Red Hat Enterprise Linux ES version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/vixie-cron-4.1-19.EL3.src.rpm
    
    Red Hat Enterprise Linux WS version 3:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/vixie-cron-4.1-19.EL3.src.rpm
    
    Red Hat Enterprise Linux AS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/vixie-cron-4.1-47.EL4.src.rpm
    
    Red Hat Enterprise Linux Desktop version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/vixie-cron-4.1-47.EL4.src.rpm
    
    Red Hat Enterprise Linux ES version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/vixie-cron-4.1-47.EL4.src.rpm
    
    Red Hat Enterprise Linux WS version 4:
    
    SRPMS:
    ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/vixie-cron-4.1-47.EL4.src.rpm
    
    Red Hat Enterprise Linux Desktop (v. 5 client):
    
    SRPMS:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/vixie-cron-4.1-70.el5.src.rpm
    
    Red Hat Enterprise Linux (v. 5 server):
    
    SRPMS:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/vixie-cron-4.1-70.el5.src.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and 
    details on how to verify the signature are available from
    https://www.redhat.com/security/team/key/#package
    
    7. References:
    
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1856
    http://www.redhat.com/security/updates/classification/#moderate
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://www.redhat.com/security/team/contact/
    
    Copyright 2007 Red Hat, Inc.
    