CVSS2 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS Percentile: 48.7%
CentOS Errata and Security Advisory CESA-2006:0539
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

A privilege escalation flaw was found in the way Vixie Cron runs programs:
vixie-cron does not properly verify that an attempt to set the current
process user id succeeded. A malicious local user who exhausted certain
limits could execute arbitrary commands as root via cron.
(CVE-2006-2607)

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.
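
The flaw class described above, an unverified attempt to set the process user id, shown beside a checked form. This is an added example, not code from vixie-cron or from the backported patch; `setuid_fn`, `failing_setuid`, `drop_unchecked` and `drop_checked` are hypothetical names, and the failing call is a constructed stub.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook so the privilege-drop call can be swapped for a stub. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stub: a setuid() call that does not succeed. */
static int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Flawed pattern: the result is ignored, so the caller goes on to run the
 * job with whatever uid the process still holds. Returns 1 = "run the job". */
static int drop_unchecked(setuid_fn do_setuid, uid_t target)
{
    (void)do_setuid(target);
    return 1;
}

/* Checked pattern: run the job only if the call succeeded and the process
 * really holds the target uid afterwards. Returns 1 = "run", 0 = "refuse". */
static int drop_checked(setuid_fn do_setuid, uid_t target)
{
    if (do_setuid(target) != 0)
        return 0;
    if (getuid() != target || geteuid() != target)
        return 0;
    return 1;
}

int main(void)
{
    uid_t me = getuid(); /* switching to our own uid needs no privilege */
    printf("unchecked, failing setuid: run=%d\n", drop_unchecked(failing_setuid, me));
    printf("checked,   failing setuid: run=%d\n", drop_checked(failing_setuid, me));
    printf("checked,   real setuid:    run=%d\n", drop_checked(setuid, me));
    return 0;
}
```

When the call fails, the unchecked form still reports that the job should run, while the checked form refuses.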
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-July/075160.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075161.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075162.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075178.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075179.html
Affected packages:
vixie-cron
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0539
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.ia64.rpm |
CentOS | 4 | alpha | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.alpha.rpm |
CentOS | 4 | s390 | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.s390.rpm |
CentOS | 4 | s390x | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.s390x.rpm |
CentOS | 4 | x86_64 | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.x86_64.rpm |
CentOS | 4 | i386 | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.i386.rpm |