|
|
>> Gentoo Security Update Fixes Vixie Cron Local Denial of Service Vulnerability
|
Title : Gentoo Security Update Fixes Vixie Cron Local Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2007-1412
CVE ID : CVE-2007-1856
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-04-17
|
Gentoo has released security updates to address a vulnerability identified in Vixie Cron. This issue is caused by insecure permissions set on Gentoo, which could be exploited by a local user to create hard links to cron files that will trigger the "st_link" safety check and prevent the targeted cron file from being run when the database is restarted or reloaded.
Affected Products
sys-process/vixie-cron versions prior to 4.1-r10
Solution
Upgrade the affected packages :
# emerge --sync
# emerge --ask --oneshot --verbose " >=sys-process/vixie-cron-4.1-r10"
References
http://www.vupen.com/english/advisories/2007/1412
http://www.gentoo.org/security/en/glsa/glsa-200704-11.xml
ChangeLog
2007-04-17 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
