Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2006:0539

The remote host is missing updates announced in
advisory RHSA-2006:0539.

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

A privilege escalation flaw was found in the way Vixie Cron runs programs

vixie-cron does not properly verify an attempt to set the current process
user id succeeded. It was possible for a malicious local users who
exhausted certain limits to execute arbitrary commands as root via cron.

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : High

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-2607
BugTraq ID: 18108
Bugtraq: 20060525 rPSA-2006-0082-1 vixie-cron (Google Search)
SuSE Security Announcement: SUSE-SA:2006:027 (Google Search)
XForce ISS Database: vixie-cron-docommand-gain-privilege(26691)
CopyrightCopyright (c) 2006 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.