Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201311-04
HistoryNov 07, 2013 - 12:00 a.m.

Vixie cron: Denial of service

2013-11-0700:00:00
Gentoo Foundation
security.gentoo.org
13

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Background

Paul Vixie’s cron daemon, a fully featured crond implementation.

Description

Vixie cron contains a race condition relating to atime and mtime values of temporary files.

Impact

A local attacker could change the modification time of files, possibly resulting in a Denial of Service condition via a symlink attack.

Workaround

There is no known workaround at this time.

Resolution

All Vixie cron users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r14"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-process/vixie-cron< 4.1-r14UNKNOWN

Related

nessus 15
openvas 8
veracode 1
debiancve 1
fedora 3
nvd 1
redhat 2
cvelist 1
cve 1
oraclelinux 1
ubuntucve 1
prion 1
nessus
nessus
SuSE 11 Security Update : cron (SAT Patch Number 2027)
2010-03-19 00:00:00
Fedora 13 : cronie-1.4.4-1.fc13 (2010-3642)
2010-07-01 00:00:00
Scientific Linux Security Update : vixie-cron on SL5.x i386/x86_64 (20120221)
2012-08-01 00:00:00
openvas
openvas
RedHat Update for vixie-cron RHSA-2012:0304-03
2012-02-21 00:00:00
RedHat Update for vixie-cron RHSA-2012:0304-03
2012-02-21 00:00:00
Fedora Update for cronie FEDORA-2010-4300
2010-03-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:10:19
debiancve
debiancve
CVE-2010-0424
2010-02-25 19:30:00
fedora
fedora
[SECURITY] Fedora 13 Update: cronie-1.4.4-1.fc13
2010-03-05 03:33:16
[SECURITY] Fedora 11 Update: cronie-1.3-4.fc11
2010-03-16 00:42:42
[SECURITY] Fedora 12 Update: cronie-1.4.3-4.fc12
2010-02-24 06:12:41
nvd
nvd
CVE-2010-0424
2010-02-25 19:30:00
redhat
redhat
(RHSA-2012:0304) Low: vixie-cron security, bug fix, and enhancement update
2012-02-21 00:00:00
(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update
2012-02-21 00:00:00
cvelist
cvelist
CVE-2010-0424
2010-02-25 19:00:00
cve
cve
CVE-2010-0424
2010-02-25 19:30:00
oraclelinux
oraclelinux
vixie-cron security, bug fix, and enhancement update
2012-03-01 00:00:00
ubuntucve
ubuntucve
CVE-2010-0424
2010-02-25 00:00:00
prion
prion
Directory traversal
2010-02-25 19:30:00

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for GLSA-201311-04
nessus15openvas8veracode1debiancve1fedora3nvd1redhat2cvelist1cve1oraclelinux1ubuntucve1prion1