vixie-cron: privilege escalation [LWN.net]

Package(s): cron CVE #(s): CVE-2006-2607

Created: May 31, 2006 Updated: June 1, 2009

Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.

Alerts:

Ubuntu	USN-778-1	2009-06-01
Red Hat	RHSA-2006:0539-01	2006-07-12
Gentoo	200606-07	2006-06-09
SuSE	SUSE-SA:2006:027	2006-05-31
rPath	rPSA-2006-0082-1	2006-05-25

(Log in to post comments)

vixie-cron: privilege escalation

Posted Jul 22, 2006 19:48 UTC (Sat) by jfs (subscriber, #7140) [Link]

I was surprised to see that this was fixed in Debian (before I go to maintain the cron package) as it was done by the previous maintainer (Steve Greenland) over 5 years ago! See http://svn.debian.org/wsvn/pkg-cron/trunk/?rev=153&sc=1

OpenBSD (on which OpenWall Linux is based on) fixed this (only :) 2 years ago, http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/cron/d... but FreeBSD only did so recently: http://www.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/cron/c...
and so did NetBSD: http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/cron/do_...

Since Paul Vixie's cron is such a heavily-used package (by most GNU/Linux and BSD operating systems) and there's lots of patches and improvements from different vendors I wonder if all the cron maintainers should get together in order to do a proper review of what other's have patched and try to get an improved (and common) codebase.