|
Family: Red Hat Local Security Checks --> Category: infos
RHSA-2006-0539: vixie Vulnerability Scan
Vulnerability Scan Summary Check for the version of the vixie packages
Detailed Explanation for this Vulnerability Test
Updated vixie-cron packages that fix a privilege escalation issue are now
available.
This update has been rated as having important security impact by the Red
Hat
Security Response Team.
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
A privilege escalation flaw was found in the way Vixie Cron runs programs
vixie-cron does not properly verify an attempt to set the current process
user id succeeded. It was possible for a malicious local users who
exhausted certain limits to execute arbitrary commands as root via cron.
(CVE-2006-2607)
All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2006-0539.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|