About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

Fedora Security Update Fixes Cronie Timestamp Race Condition

VUPEN ID VUPEN/ADV-2010-0467
CVE ID CVE-2010-0424
 
CWE ID Available in VUPEN VNS Customer Area
CVSS V2 Available in VUPEN VNS Customer Area
Rated as Low Risk 
Impact Available in VUPEN VNS Customer Area
Authentication Level Available in VUPEN VNS Customer Area
Access Vector Available in VUPEN VNS Customer Area
Release Date 2010-02-25
Share Twitter LinkedIn Facebook Delicious Digg Slashdot

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by local attackers to manipulate certain information. This issue is caused due to a race condition in the way vixie-cron and cronie used to set up timestamp for crontab files when editing the files, which could allow malicious users to manipulate timestamps, potentially leading to a denial of service condition.

Affected Products

Fedora 12

Solution 

Upgrade the affected package (cronie) :
http://docs.fedoraproject.org/yum/

References

http://www.vupen.com/english/advisories/2010/0467
https://bugzilla.redhat.com/show_bug.cgi?id=565809
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035762.html

Credits 

Vulnerability reported by Dan Rosenberg.

Changelog 

2010-02-25 : Initial release

Feedback 

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Sep 2010


  Critical Risk

 : 14%

  High Risk		 : 3%

  Moderate Risk		 : 45%

  Low Risk		 : 38%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 





© 2004-2010 VUPEN Security - Copyright - Privacy Policy