Rapid7 Vulnerability & Exploit Database

RHSA-2001:014: New vixie-cron packages available

Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 08/22/2001
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

New vixie-cron packages are available that fix a buffer overflow in the 'crontab' command; this could allow certain users to gain elevated privileges. It is recommended that all users update to the fixed packages. Users of Red Hat Linux 6.0 or 6.1 should use the packages for Red Hat Linux 6.2.

A buffer overflow existed in the 'crontab' command when it was called by a user with a username longer than 20 characters. If the system administrator has created usernames of that length, it would be possible for those users to gain elevated privileges.
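
To check whether a host has any accounts in the affected range, the following added example (not part of the Red Hat advisory or the Rapid7 entry) lists login names longer than 20 characters from a passwd-format file. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd(5)-format file for login names longer
# than the 20-character limit named in the advisory.

# long_usernames FILE [LIMIT]
# Prints "name length uid" for each entry whose name exceeds LIMIT.
long_usernames() {
    file=$1
    limit=${2:-20}   # default of 20 comes from the advisory text
    awk -F: -v limit="$limit" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /^[+-]/                  { next }   # skip NIS compat entries
        length($1) > limit       { print $1, length($1), $3 }
    ' "$file"
}

# Constructed sample data (hypothetical accounts, not from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
# service accounts
backup_operator_for_site_a:x:1001:1001::/home/bkp:/bin/sh
exactly_twenty_chars:x:1002:1002::/home/e20:/bin/sh
alice:x:1003:1003::/home/alice:/bin/bash
+::::::
EOF
}

# When called with arguments, audit the given file, e.g.:
#   sh audit.sh /etc/passwd
if [ "$#" -gt 0 ]; then
    long_usernames "$@"
fi
```

Any name this reports belongs to an account that can reach the overflow until the fixed vixie-cron package is installed. A name of exactly 20 characters is not reported, matching the advisory's "longer than 20" wording.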

Solution(s)

  • redhat-upgrade-vixie-cron
