Lucene search

K

[email protected]NVD:CVE-2010-0424

HistoryFeb 25, 2010 - 7:30 p.m.

CVE-2010-0424

2010-02-2519:30:00

CWE-59

[email protected]

web.nvd.nist.gov

1

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.

Affected configurations

NVD

Node

fedorahostedcronieRange≤1.4.3

OR

paul_vixievixie_cron

References

git.fedorahosted.org/git/cronie.git?p=cronie.git%3Ba=commit%3Bh=9e4a8fa5f9171fb724981f53879c9b20264aeb61

lists.fedoraproject.org/pipermail/package-announce/2010-February/035762.html

secunia.com/advisories/38700

secunia.com/advisories/38741

secunia.com/advisories/48104

www.securityfocus.com/bid/38391

bugzilla.redhat.com/show_bug.cgi?id=565809

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2010-0424

nessus15 openvas8 fedora3 redhat2 gentoo1 veracode1 debiancve1 cvelist1 cve1 oraclelinux1 ubuntucve1 prion1