Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0539

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57089

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2006:0539

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2006:0539.

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

A privilege escalation flaw was found in the way Vixie Cron runs programs

vixie-cron does not properly verify an attempt to set the current process
user id succeeded. It was possible for a malicious local users who
exhausted certain limits to execute arbitrary commands as root via cron.
(CVE-2006-2607)

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0539.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-2607
BugTraq ID: 18108
http://www.securityfocus.com/bid/18108
Bugtraq: 20060525 rPSA-2006-0082-1 vixie-cron (Google Search)
http://www.securityfocus.com/archive/1/435033/100/0/threaded
http://security.gentoo.org/glsa/glsa-200606-07.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10213
http://www.redhat.com/support/errata/RHSA-2006-0539.html
http://securitytracker.com/id?1016480
http://secunia.com/advisories/20380
http://secunia.com/advisories/20388
http://secunia.com/advisories/20616
http://secunia.com/advisories/21032
http://secunia.com/advisories/21702
http://secunia.com/advisories/35318
SuSE Security Announcement: SUSE-SA:2006:027 (Google Search)
http://www.novell.com/linux/security/advisories/2006-05-32.html
https://usn.ubuntu.com/778-1/
http://www.vupen.com/english/advisories/2006/2075
XForce ISS Database: vixie-cron-docommand-gain-privilege(26691)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26691

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57089
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0539
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0539. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A privilege escalation flaw was found in the way Vixie Cron runs programs vixie-cron does not properly verify an attempt to set the current process user id succeeded. It was possible for a malicious local users who exhausted certain limits to execute arbitrary commands as root via cron. (CVE-2006-2607) All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0539.html http://www.redhat.com/security/updates/classification/#important Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-2607 BugTraq ID: 18108 http://www.securityfocus.com/bid/18108 Bugtraq: 20060525 rPSA-2006-0082-1 vixie-cron (Google Search) http://www.securityfocus.com/archive/1/435033/100/0/threaded http://security.gentoo.org/glsa/glsa-200606-07.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10213 http://www.redhat.com/support/errata/RHSA-2006-0539.html http://securitytracker.com/id?1016480 http://secunia.com/advisories/20380 http://secunia.com/advisories/20388 http://secunia.com/advisories/20616 http://secunia.com/advisories/21032 http://secunia.com/advisories/21702 http://secunia.com/advisories/35318 SuSE Security Announcement: SUSE-SA:2006:027 (Google Search) http://www.novell.com/linux/security/advisories/2006-05-32.html https://usn.ubuntu.com/778-1/ http://www.vupen.com/english/advisories/2006/2075 XForce ISS Database: vixie-cron-docommand-gain-privilege(26691) https://exchange.xforce.ibmcloud.com/vulnerabilities/26691
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com