5 matches found
Ubuntu: Security Advisory (USN-778-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 10 Security Update : cron (cron-1440)
A missing check on the return value of setuid in vixie-cron could be used by a local user to gain root privileges by exhausting resource limits and waiting for a cronjob to trigger. This is tracked by the Mitre CVE ID CVE-2006-2607. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Important: Red Hat Security Advisory: vixie-cron security update
Updated vixie-cron packages that fix a privilege escalation issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified...
CVE-2006-2607
docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...
CVE-2006-2607
CVE-2006-2607 refers to a local privilege escalation in vixie-cron 4.1 where do_command.c does not check the return value of setuid(), potentially allowing a root gain if setuid() fails (e.g., PAM limits or resource limits). Connected advisories confirm this vulnerability and document patches/ups...