User: Password:
|
|
Subscribe / Log in / New account

rPath alert rPSA-2006-0082-1 (vixie-cron)

From:  "Justin M. Forbes" <jmforbes@rpath.com>
To:  security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:  rPSA-2006-0082-1 vixie-cron
Date:  Thu, 25 May 2006 15:31:06 -0400
Cc:  full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net

rPath Security Advisory: 2006-0082-1 Published: 2006-05-25 Products: rPath Linux 1 Rating: Critical Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: vixie-cron=/conary.rpath.com@rpl:devel//1/4.1-5.2-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-xxx... http://bugs.rpath.com/show_bug.cgi?id=1166 Description: In previous versions of the vixie-cron package, when the /etc/security/limits.conf file has been set up with limits for any user, and that user has permission to use the cron facility, that user can use vixie-cron to run arbitrary programs as root by exceeding the limits set in /etc/security/limits.conf. By default, rPath Linux does not include any limits configured in the /etc/security/limits.conf file. The /etc/security/limits.conf file is provided by the pam:data component, so to determine whether it has been changed in any way, run the command: # conary verify pam:data | grep /etc/security/limits.conf


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds