Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2006-2607
HistoryMay 25, 2006 - 12:00 a.m.

CVE-2006-2607

2006-05-2500:00:00
ubuntu.com
ubuntu.com
9

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

47.9%

JSON

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code
of a setuid call, which might allow local users to gain root privileges if
setuid fails in cases such as PAM failures or resource limits, as
originally demonstrated by a program that exceeds the process limits as
defined in /etc/security/limits.conf.

Bugs

Notes

Author Note
jdstrand was mistakenly marked not-affected. 3.0pl1-64 added checks for setuid() failing, but did not add the checks for setgid() or initgroups()
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchcron< 3.0pl1-92ubuntu1.1UNKNOWN
ubuntu8.04noarchcron< 3.0pl1-100ubuntu2.1UNKNOWN
ubuntu8.10noarchcron< 3.0pl1-104+ubuntu5.1UNKNOWN
ubuntu9.04noarchcron< 3.0pl1-105ubuntu1.1UNKNOWN

Related

nessus 6
gentoo 1
centos 1
suse 1
cve 1
debiancve 1
prion 1
openvas 4
ubuntu 1
myhack58 1
redhat 1
nessus
nessus
GLSA-200606-07 : Vixie Cron: Privilege Escalation
2006-06-11 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cron vulnerability (USN-778-1)
2009-06-02 00:00:00
openSUSE 10 Security Update : cron (cron-1440)
2007-10-17 00:00:00
gentoo
gentoo
Vixie Cron: Privilege Escalation
2006-06-09 00:00:00
centos
centos
vixie security update
2006-07-12 18:56:16
suse
suse
local privilege escalation in cron
2006-05-31 13:32:34
cve
cve
CVE-2006-2607
2006-05-25 20:02:00
debiancve
debiancve
CVE-2006-2607
2006-05-25 20:02:00
prion
prion
Deserialization of untrusted data
2006-05-25 20:02:00
openvas
openvas
Ubuntu: Security Advisory (USN-778-1)
2009-06-05 00:00:00
Gentoo Security Advisory GLSA 200606-07 (vixie-cron)
2008-09-24 00:00:00
Ubuntu USN-778-1 (cron)
2009-06-05 00:00:00
ubuntu
ubuntu
cron vulnerability
2009-06-01 00:00:00
myhack58
myhack58
Setuid() - nproc limit the type of vulnerability of in-depth analysis-vulnerability warning-the black bar safety net
2006-08-04 00:00:00
redhat
redhat
(RHSA-2006:0539) vixie-cron security update
2006-07-12 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

47.9%

JSON
Related for UB:CVE-2006-2607
nessus6gentoo1centos1suse1cve1debiancve1prion1openvas4ubuntu1myhack581redhat1