Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Cron Vendors:   Vixie, Paul
(SCO Releases Fix) Re: Cron Utility Allows Local Users to Obtain Root-Level Privileges
SecurityTracker Alert ID:  1001869
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 28 2001
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.0pl1-57.3
Description:   A vulnerability was reported in the Vixie cron utility that allows local users to obtain root-level privileges on the host.

It is reported that a recent (fall 2000) security fix to cron introduced this vulnerability. The utility apparently does not properly release privileges before invoking the editor, allowing a local user to execute commands on the host with root-level privileges.

Impact:   A local user can execute commands on the host with root-level privileges, thereby obtaining root level access to the host.
Solution:   SCO has released a fix for UnixWare 7. The fixed binaries are available at:
Vendor URL: (Links to External Site)
Cause:   State error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7

Message History:   This archive entry is a follow-up to the message listed below.
May 8 2001 Cron Utility Allows Local Users to Obtain Root-Level Privileges

 Source Message Contents

Subject:  Security Update: [CSSA-2001-SCO.3] UnixWare - cron buffer overflow

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            



	    Caldera International, Inc. Security Advisory

Subject:		UnixWare - cron buffer overflow
Advisory number: 	CSSA-2001-SCO.3
Issue date: 		2001 June, 27
Cross reference:

1. Problem Description

	The cron command is vulnerable to a command line argument
	buffer overflow. This could allow a process to execute
	arbitrary code, allowing a malicious user to gain elevated

2. Vulnerable Versions

	Operating System	Version		Affected Files
	UnixWare 7		All		/usr/bin/crontab

3. Workaround


4. UnixWare 7

  4.1 Location of Fixed Binaries

  4.2 Verification

	md5 checksums:
	2f00acf514126ad9e8bced6ceb7bb66e	erg711714a.Z

	md5 is available for download from

  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711714a.Z
	# pkgadd -d /tmp/erg711714a

5. References

6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International, Inc. products.


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see




Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC