CVE Vulnerabilities

CVE-2006-2607

Published: May 25, 2006 | Modified: Oct 18, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.

Affected Software

Name Vendor Start Version End Version
Vixie_cron Paul_vixie 4.1 4.1
Red Hat Enterprise Linux 4 RedHat vixie-cron-4:4.1-44.EL4 *
Cron Ubuntu dapper *
Cron Ubuntu devel *
Cron Ubuntu edgy *
Cron Ubuntu feisty *
Cron Ubuntu gutsy *
Cron Ubuntu hardy *
Cron Ubuntu intrepid *
Cron Ubuntu jaunty *
Cron Ubuntu upstream *

References