Executive Summary
| Summary | |
|---|---|
| Title | vixie-cron security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2006:0539 | First vendor Publication | 2006-07-12 |
| Vendor | RedHat | Last vendor Modification | 2006-07-12 |
| Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated vixie-cron packages that fix a privilege escalation issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A privilege escalation flaw was found in the way Vixie Cron runs programs; vixie-cron does not properly verify an attempt to set the current process user id succeeded. It was possible for a malicious local users who exhausted certain limits to execute arbitrary commands as root via cron. (CVE-2006-2607) All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 193146 - CVE-2006-2607 Jobs start from root when pam_limits enabled |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2006-0539.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10213 | |||
| Oval ID: | oval:org.mitre.oval:def:10213 | ||
| Title: | do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. | ||
| Description: | do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-2607 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13827 | |||
| Oval ID: | oval:org.mitre.oval:def:13827 | ||
| Title: | USN-778-1 -- cron vulnerability | ||
| Description: | It was discovered that cron did not properly check the return code of the setgid and initgroups system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid check referred to by CVE-2006-2607. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-778-1 CVE-2006-2607 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | cron |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-06-05 | Name : Ubuntu USN-778-1 (cron) File : nvt/ubuntu_778_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200606-07 (vixie-cron) File : nvt/glsa_200606_07.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 25850 | Vixie Cron do_command.c Setuid Drop Failure Privilege Escalation |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-06-02 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-778-1.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_cron-1440.nasl - Type : ACT_GATHER_INFO |
| 2006-07-13 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0539.nasl - Type : ACT_GATHER_INFO |
| 2006-07-13 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0539.nasl - Type : ACT_GATHER_INFO |
| 2006-06-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200606-07.nasl - Type : ACT_GATHER_INFO |
| 2006-06-01 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_027.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:50:03 |
|
