VUPEN Security - Fedora Security Update Fixes Vixie Cron Local Denial of Service Vulnerability / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes Vixie Cron Local Denial of Service Vulnerability

Title : Fedora Security Update Fixes Vixie Cron Local Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2007-2845
CVE ID : CVE-2007-1856
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-08-13

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

A vulnerability has been identified in Fedora, which could be exploited by local attackers to cause a denial of service. This issue is caused by an error in vixie-cron. For additional information, see : VUPEN/ADV-2007-1412

Affected Products

Fedora Core 6

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

670d834b18bf870b03846cb1714b94d6e5b54b10 SRPMS/vixie-cron-4.1-69.fc6.src.rpm
670d834b18bf870b03846cb1714b94d6e5b54b10 noarch/vixie-cron-4.1-69.fc6.src.rpm
3faee134af28dc76e25f950975402ef028a4acae ppc/vixie-cron-4.1-69.fc6.ppc.rpm
076081a1c4cb1d6a7c033d0b4997e2355c35be94 ppc/debug/vixie-cron-debuginfo-4.1-69.fc6.ppc.rpm
b4d9496cdf04af70877b65596a4c40628b120218 x86_64/vixie-cron-4.1-69.fc6.x86_64.rpm
3b96a602225843c83833d4976eda3db8e42526d5 x86_64/debug/vixie-cron-debuginfo-4.1-69.fc6.x86_64.rpm
b6937b1cdb04e9732f970e72fccb13fdf10d3ab8 i386/vixie-cron-4.1-69.fc6.i386.rpm
145a89996f454de784e08b986328a29396424281 i386/debug/vixie-cron-debuginfo-4.1-69.fc6.i386.rpm

References

http://www.vupen.com/english/advisories/2007/2845
https://www.redhat.com/archives/fedora-package-announce/2007-August/msg00132.html

ChangeLog

2007-08-13 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-07-06

Microsoft Windows 0-Day
Flaw Exploited in the Wild

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

More Informations