(RHSA-2006:0539) vixie-cron security update

2006-07-12T04:00:00
ID RHSA-2006:0539
Type redhat
Reporter RedHat
Modified 2017-09-08T11:56:50

Description

The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times.

A privilege escalation flaw was found in the way Vixie Cron runs programs; vixie-cron does not properly verify an attempt to set the current process user id succeeded. It was possible for a malicious local users who exhausted certain limits to execute arbitrary commands as root via cron. (CVE-2006-2607)

All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.