Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.2
CVE Id: CVE-2006-2607
Last Modified: 07 Mar 2011 09:36:34
Published: 25 May 2006 04:02:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2006-2607

Summary

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.

Vulnerable Systems

Application

  • Paul Vixie Vixie Cron 4.1


References

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178431

XF - vixie-cron-docommand-gain-privilege(26691)

VUPEN - ADV-2006-2075

UBUNTU - USN-778-1

BID - 18108

BUGTRAQ - 20060525 rPSA-2006-0082-1 vixie-cron

SECUNIA - 35318

SECUNIA - 20380

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=134194

REDHAT - RHSA-2006:0539

SUSE - SUSE-SA:2006:027

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-168.htm

SECTRACK - 1016480

GENTOO - GLSA-200606-07

SECUNIA - 21702

SECUNIA - 21032

SECUNIA - 20616

SECUNIA - 20388


Last Updated: 27 May 2016 10:42:40