Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2006:0539
HistoryJul 12, 2006 - 6:56 p.m.

vixie security update

2006-07-1218:56:16
CentOS Project
lists.centos.org
43

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

48.7%

JSON

CentOS Errata and Security Advisory CESA-2006:0539

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

A privilege escalation flaw was found in the way Vixie Cron runs programs;
vixie-cron does not properly verify an attempt to set the current process
user id succeeded. It was possible for a malicious local users who
exhausted certain limits to execute arbitrary commands as root via cron.
(CVE-2006-2607)

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-July/075160.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075161.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075162.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075178.html
https://lists.centos.org/pipermail/centos-announce/2006-July/075179.html

Affected packages:
vixie-cron

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0539

Related

redhat 1
myhack58 1
openvas 4
nessus 6
prion 1
debiancve 1
ubuntucve 1
suse 1
cve 1
nvd 1
ubuntu 1
cvelist 1
gentoo 1
osv 1
redhat
redhat
(RHSA-2006:0539) vixie-cron security update
2006-07-12 00:00:00
myhack58
myhack58
Setuid() - nproc limit the type of vulnerability of in-depth analysis-vulnerability warning-the black bar safety net
2006-08-04 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200606-07 (vixie-cron)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-778-1)
2009-06-05 00:00:00
Gentoo Security Advisory GLSA 200606-07 (vixie-cron)
2008-09-24 00:00:00
nessus
nessus
SUSE-SA:2006:027: cron
2006-06-01 00:00:00
openSUSE 10 Security Update : cron (cron-1440)
2007-10-17 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cron vulnerability (USN-778-1)
2009-06-02 00:00:00
prion
prion
Deserialization of untrusted data
2006-05-25 20:02:00
debiancve
debiancve
CVE-2006-2607
2006-05-25 20:02:00
ubuntucve
ubuntucve
CVE-2006-2607
2006-05-25 00:00:00
suse
suse
local privilege escalation in cron
2006-05-31 13:32:34
cve
cve
CVE-2006-2607
2006-05-25 20:02:00
nvd
nvd
CVE-2006-2607
2006-05-25 20:02:00
ubuntu
ubuntu
cron vulnerability
2009-06-01 00:00:00
cvelist
cvelist
CVE-2006-2607
2006-05-25 20:00:00
gentoo
gentoo
Vixie Cron: Privilege Escalation
2006-06-09 00:00:00
osv
osv
cron-4.2-65.4 on GA media
2024-06-15 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

48.7%

JSON
Related for CESA-2006:0539
redhat1myhack581openvas4nessus6prion1debiancve1ubuntucve1suse1cve1nvd1ubuntu1cvelist1gentoo1osv1