RedHatRHSA-2006:0539(RHSA-2006:0539) vixie-cron security update
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
48.4%
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
A privilege escalation flaw was found in the way Vixie Cron runs programs;
vixie-cron does not properly verify an attempt to set the current process
user id succeeded. It was possible for a malicious local users who
exhausted certain limits to execute arbitrary commands as root via cron.
(CVE-2006-2607)
All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ppc | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.ppc.rpm |
| RedHat | any | x86_64 | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.x86_64.rpm |
| RedHat | any | s390x | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.s390x.rpm |
| RedHat | any | i386 | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.i386.rpm |
| RedHat | any | ia64 | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.ia64.rpm |
| RedHat | any | src | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.src.rpm |
| RedHat | any | s390 | vixie-cron | < 4.1-44.EL4 | vixie-cron-4.1-44.EL4.s390.rpm |
Related
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
48.4%