CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
EPSS
Percentile
5.1%
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie
cron (vixie-cron) allows local users to change the modification times of
arbitrary files, and consequently cause a denial of service, via a symlink
attack on a temporary file in the /tmp directory.
Author | Note |
---|---|
kees | Debian cron is vixie 3.0-based, not 4.1-based, this was in 4.1 and later |