Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-778-1
HistoryJun 01, 2009 - 12:00 a.m.

cron vulnerability

2009-06-0100:00:00
ubuntu.com
41

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

48.7%

JSON

Releases

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • cron -

Details

It was discovered that cron did not properly check the return code of
the setgid() and initgroups() system calls. A local attacker could use
this to escalate group privileges. Please note that cron versions 3.0pl1-64
and later were already patched to address the more serious setuid() check
referred to by CVE-2006-2607.

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchcron< 3.0pl1-105ubuntu1.1UNKNOWN
Ubuntu8.10noarchcron< 3.0pl1-104+ubuntu5.1UNKNOWN
Ubuntu8.04noarchcron< 3.0pl1-100ubuntu2.1UNKNOWN
Ubuntu6.06noarchcron< 3.0pl1-92ubuntu1.1UNKNOWN

Related

redhat 1
nessus 6
myhack58 1
openvas 4
prion 1
debiancve 1
ubuntucve 1
suse 1
cve 1
nvd 1
cvelist 1
gentoo 1
centos 1
osv 1
redhat
redhat
(RHSA-2006:0539) vixie-cron security update
2006-07-12 00:00:00
nessus
nessus
SUSE-SA:2006:027: cron
2006-06-01 00:00:00
openSUSE 10 Security Update : cron (cron-1440)
2007-10-17 00:00:00
RHEL 4 : vixie-cron (RHSA-2006:0539)
2006-07-13 00:00:00
myhack58
myhack58
Setuid() - nproc limit the type of vulnerability of in-depth analysis-vulnerability warning-the black bar safety net
2006-08-04 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200606-07 (vixie-cron)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-778-1)
2009-06-05 00:00:00
Ubuntu USN-778-1 (cron)
2009-06-05 00:00:00
prion
prion
Deserialization of untrusted data
2006-05-25 20:02:00
debiancve
debiancve
CVE-2006-2607
2006-05-25 20:02:00
ubuntucve
ubuntucve
CVE-2006-2607
2006-05-25 00:00:00
suse
suse
local privilege escalation in cron
2006-05-31 13:32:34
cve
cve
CVE-2006-2607
2006-05-25 20:02:00
nvd
nvd
CVE-2006-2607
2006-05-25 20:02:00
cvelist
cvelist
CVE-2006-2607
2006-05-25 20:00:00
gentoo
gentoo
Vixie Cron: Privilege Escalation
2006-06-09 00:00:00
centos
centos
vixie security update
2006-07-12 18:56:16
osv
osv
cron-4.2-65.4 on GA media
2024-06-15 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.001

Percentile

48.7%

JSON
Related for USN-778-1
redhat1nessus6myhack581openvas4prion1debiancve1ubuntucve1suse1cve1nvd1cvelist1gentoo1centos1osv1