| Revision Date: | 2006-07-12 | Version: | 642 |
| Title: | RHSA-2006:0539: vixie-cron security update (Important) |
| Description: | The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times.
A privilege escalation flaw was found in the way Vixie Cron runs programs; vixie-cron does not properly verify an attempt to set the current process user id succeeded. It was possible for a malicious local users who exhausted certain limits to execute arbitrary commands as root via cron. (CVE-2006-2607)
All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2006-2607
RHSA-2006:0539
RHSA-2006:0539-01
RHSA-2006:0539-01
|
| Platform(s): | Red Hat Enterprise Linux 4
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 4 is installed
AND vixie-cron is earlier than 4:4.1-44.EL4
AND vixie-cron is signed with Red Hat redhatrelease2 key
|