CVE 2006-2607
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/
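The unchecked privilege drop described above, next to a checked version, as an added example (not code from Vixie cron or from this page). The `struct id_ops` indirection, the stub functions and all function names are assumptions, introduced so the failure path can be exercised without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical indirection so a failing setuid() can be simulated. */
struct id_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
};

/* What a daemon would use in production: the real system calls. */
const struct id_ops real_ops = { setgid, setuid };

/* Flawed pattern: return values are ignored, so the caller carries on
 * with its original (root) identity when the kernel refuses the change. */
int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    ops->set_gid(gid);
    ops->set_uid(uid);
    return 0; /* always reports success */
}

/* Checked pattern: group first, then user; any failure is reported so the
 * caller can _exit() instead of running the job's command. */
int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid)
{
    if (ops->set_gid(gid) != 0) { perror("setgid"); return -1; }
    if (ops->set_uid(uid) != 0) { perror("setuid"); return -1; }
    return 0;
}

/* Constructed stubs: setgid succeeds, setuid fails with EAGAIN, standing in
 * for a refusal caused by a resource limit. */
static int stub_gid_ok(gid_t g)   { (void)g; return 0; }
static int stub_uid_fail(uid_t u) { (void)u; errno = EAGAIN; return -1; }
const struct id_ops limited_ops = { stub_gid_ok, stub_uid_fail };

int main(void)
{
    /* 1000/1000 are constructed sample ids for the job's owner. */
    printf("unchecked drop returned %d\n", drop_unchecked(&limited_ops, 1000, 1000));
    printf("checked drop returned %d\n", drop_checked(&limited_ops, 1000, 1000));
    return 0;
}
```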
Related bugs and status
CVE-2006-2607 (Candidate) is related to these bugs:
Bug #36690: daylight saving time messes up cron
Bug | Summary | In | Importance | Status
---|---|---|---|---
36690 | daylight saving time messes up cron | cron (Ubuntu) | Medium | Fix Released
36690 | daylight saving time messes up cron | cron (Debian) | Unknown | Fix Released
Bug #46493: cron runs scripts named xxxx.dpkg-old
Bug | Summary | In | Importance | Status
---|---|---|---|---
46493 | cron runs scripts named xxxx.dpkg-old | cron (Ubuntu) | Wishlist | Fix Released
Bug #46649: Cron not checking setgid return value
Bug | Summary | In | Importance | Status
---|---|---|---|---
46649 | Cron not checking setgid return value | cron (Ubuntu) | Medium | Fix Released
46649 | Cron not checking setgid return value | cron (Ubuntu Dapper) | Medium | Fix Released
46649 | Cron not checking setgid return value | cron (Ubuntu Hardy) | Medium | Fix Released
46649 | Cron not checking setgid return value | cron (Ubuntu Intrepid) | Medium | Fix Released
46649 | Cron not checking setgid return value | cron (Ubuntu Jaunty) | Medium | Fix Released
46649 | Cron not checking setgid return value | cron (Ubuntu Karmic) | Medium | Fix Released
46649 | Cron not checking setgid return value | cron (Debian) | Unknown | Fix Released
Bug #118168: Crontab accepts files with no newline before EOL/EOF. Cron ignores file
Bug | Summary | In | Importance | Status
---|---|---|---|---
118168 | Crontab accepts files with no newline before EOL/EOF. Cron ignores file | cron (Ubuntu) | Medium | Fix Released
118168 | Crontab accepts files with no newline before EOL/EOF. Cron ignores file | cron (CentOS) | Undecided | New
Bug #151231: cron jobs fail silently if too much output produced and no MTA is installed
Bug | Summary | In | Importance | Status
---|---|---|---|---
151231 | cron jobs fail silently if too much output produced and no MTA is installed | cron (Ubuntu) | Low | Fix Released
Bug #308341: @reboot in system crontab ignores (some) valid sh command syntax
Bug | Summary | In | Importance | Status
---|---|---|---|---
308341 | @reboot in system crontab ignores (some) valid sh command syntax | cron (Ubuntu) | Undecided | Fix Released
Bug #367383: /etc/cron.daily/standard doesn't report files in lost+found and also doesn't support ext4
Bug | Summary | In | Importance | Status
---|---|---|---|---
367383 | /etc/cron.daily/standard doesn't report files in lost+found and also doesn't support ext4 | cron (Ubuntu) | Undecided | Fix Released
Bug #376327: Please merge cron(3.0pl1-106)(main) from debian unstable(main)
Bug | Summary | In | Importance | Status
---|---|---|---|---
376327 | Please merge cron(3.0pl1-106)(main) from debian unstable(main) | cron (Ubuntu) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.