Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1038

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-1038
Last Modified 21 Aug 2010 12:27:30
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-1038

Summary

crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 4.0

Application

  • Paul Vixie Vixie Cron 4.1


References

BID - 13024

BUGTRAQ - 20050406 crontab from vixie-cron allows read other users crontabs

REDHAT - RHSA-2006:0117

REDHAT - RHSA-2005:361

SUSE - SUSE-SR:2007:007

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-118.htm

SECUNIA - 24995

SECUNIA - 20666

SECUNIA - 19532

SGI - 20060401-01-U

Related Patches

Novell SUSE 2007:3093 cron security update for SLE 10 i586

Novell SUSE 2007:3831 cron security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:40:01