Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-07] Vixie Cron: Privilege Escalation Vulnerability Scan
Vulnerability Scan Summary
Vixie Cron: Privilege Escalation
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-07
(Vixie Cron: Privilege Escalation)
Roman Veretelnikov discovered that Vixie Cron fails to properly
check whether it can drop privileges if setuid() in
do_command.c fails due to a user exceeding assigned resource limits.

Local users can execute code with root privileges by deliberately
exceeding their assigned resource limits and then starting a command
through Vixie Cron. This requires resource limits to be in place on the

There is no known workaround at this time.

All Vixie Cron users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r9"
Threat Level: High