PRIOn knowledge basePRION:CVE-2006-2607Deserialization of untrusted data
6.7 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
47.7%
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
| CPE | Name | Operator | Version |
|---|---|---|---|
| vixie_cron | eq | 4.1 |
References
bugs.gentoo.org/show_bug.cgi?id=134194
secunia.com/advisories/20380
secunia.com/advisories/20388
secunia.com/advisories/20616
secunia.com/advisories/21032
secunia.com/advisories/21702
secunia.com/advisories/35318
security.gentoo.org/glsa/glsa-200606-07.xml
securitytracker.com/id?1016480
support.avaya.com/elmodocs2/security/ASA-2006-168.htm
www.novell.com/linux/security/advisories/2006-05-32.html
www.redhat.com/support/errata/RHSA-2006-0539.html
www.securityfocus.com/archive/1/435033/100/0/threaded
www.securityfocus.com/bid/18108
www.vupen.com/english/advisories/2006/2075
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178431
exchange.xforce.ibmcloud.com/vulnerabilities/26691
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10213
usn.ubuntu.com/778-1/
Related
6.7 Medium
AI Score
Confidence
Low
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
47.7%