Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12830
HistoryMay 26, 2006 - 12:00 a.m.

rPSA-2006-0082-1 vixie-cron

2006-05-2600:00:00
vulners.com
5
JSON

rPath Security Advisory: 2006-0082-1
Published: 2006-05-25
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
vixie-cron=/conary.rpath.com@rpl:devel//1/4.1-5.2-1

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-xxxx-xxxx
http://bugs.rpath.com/show_bug.cgi?id=1166

Description:
In previous versions of the vixie-cron package, when the
/etc/security/limits.conf file has been set up with limits for
any user, and that user has permission to use the cron facility,
that user can use vixie-cron to run arbitrary programs as root by
exceeding the limits set in /etc/security/limits.conf.

By default, rPath Linux does not include any limits configured
in the /etc/security/limits.conf file.  The /etc/security/limits.conf
file is provided by the pam:data component, so to determine whether
it has been changed in any way, run the command:

# conary verify pam:data | grep /etc/security/limits.conf
JSON