Ubuntu 778-1: cron vulnerability

    Date: 01 Jun 2009
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    ===========================================================
    Ubuntu Security Notice USN-778-1              June 01, 2009
    cron vulnerability
    CVE-2006-2607
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    Ubuntu 9.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      cron                            3.0pl1-92ubuntu1.1
    
    Ubuntu 8.04 LTS:
      cron                            3.0pl1-100ubuntu2.1
    
    Ubuntu 8.10:
      cron                            3.0pl1-104+ubuntu5.1
    
    Ubuntu 9.04:
      cron                            3.0pl1-105ubuntu1.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that cron did not properly check the return code of
    the setgid() and initgroups() system calls. A local attacker could use
    this to escalate group privileges. Please note that cron versions 3.0pl1-64
    and later were already patched to address the more serious setuid() check
    referred to by CVE-2006-2607.
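
An added illustration of the flaw class described above (not cron's source and not part of the advisory): a privilege drop that discards the return codes of initgroups() and setgid(), beside one that checks them. The struct, the function names and the simulated gid are hypothetical, used so that a failing setgid() can be shown without root.

```c
/* Added illustration; not cron's source. All names are hypothetical. */
#include <errno.h>
#include <sys/types.h>

/* The calls a daemon makes before running a job as a user. Passed as
 * pointers so a failure can be simulated; in a real daemon these would
 * be the libc initgroups(), setgid() and setuid(). */
struct priv_ops {
    int (*initgroups)(const char *user, gid_t gid);
    int (*setgid)(gid_t gid);
    int (*setuid)(uid_t uid);
};

static gid_t sim_gid = 0;   /* simulated process gid; 0 = daemon's group */

/* Flawed pattern: return codes are discarded, so the caller goes on to
 * run the job even if the process kept the daemon's group identity. */
int drop_unchecked(const struct priv_ops *ops, const char *user,
                   uid_t uid, gid_t gid)
{
    ops->initgroups(user, gid);
    ops->setgid(gid);
    ops->setuid(uid);
    return 0;                       /* always reports success */
}

/* Checked pattern: groups first, uid last, stop at the first failure.
 * Returns 0 only if every call succeeded; on -1 the job must not run. */
int drop_checked(const struct priv_ops *ops, const char *user,
                 uid_t uid, gid_t gid)
{
    if (ops->initgroups(user, gid) != 0) return -1;
    if (ops->setgid(gid) != 0)           return -1;
    if (ops->setuid(uid) != 0)           return -1;
    return 0;
}

/* Constructed stand-ins: one working setgid(), one that fails. */
static int ok_initgroups(const char *u, gid_t g) { (void)u; (void)g; return 0; }
static int ok_setgid(gid_t g)      { sim_gid = g; return 0; }
static int failing_setgid(gid_t g) { (void)g; errno = EPERM; return -1; }
static int ok_setuid(uid_t u)      { (void)u; return 0; }

const struct priv_ops ops_ok      = { ok_initgroups, ok_setgid, ok_setuid };
const struct priv_ops ops_gidfail = { ok_initgroups, failing_setgid, ok_setuid };

gid_t current_sim_gid(void) { return sim_gid; }
void  reset_sim(void)       { sim_gid = 0; }
```

With the failing stand-in, the unchecked variant reports success while the simulated gid is still the daemon's; the checked variant returns -1 so the caller can refuse to start the job.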
    
    