Vixie Cron Installation Permissions on Some Platforms Let Local Users Deny Service
|
|
SecurityTracker Alert ID: 1018081
|
|
SecurityTracker URL: http://securitytracker.com/id?1018081
|
|
CVE Reference: CVE-2007-1856
(Links to External Site)
|
Date: May 17 2007
|
Impact: Denial of service via local system
|
Description: A vulnerability was reported in Vixie Cron as packaged on some Linux platforms. A local user can can cause denial of service conditions.
A local user can create hard links to system and user cron files. When cron is run on the linked file, an error may occur in 'database.c',
preventing the target cron file from executing.
Gentoo Linux and SUSE Linux are affected. Other platforms may also be affected.
Raphael
Marichez of the Gentoo Linux Security Team discovered this vulnerability.
|
Impact: A local user can cause certain cron files to fail to execute.
|
Solution: No solution was available at the time of this entry.
|
Cause: Access control error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 17 May 2007 14:40:40 -0400
Subject: vixie-cron
|
CVE-2007-1856:
> Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions,
> which allows local users to cause a denial of service (cron failure) by creating hard
> links, which results in a failed st_nlink check in database.c.
|
|
