Rapid7 Vulnerability & Exploit Database

RHSA-2012:0304: vixie-cron security, bug fix, and enhancement update

Severity: 3
CVSS: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
Published: 02/25/2010
Created: 07/25/2018
Added: 02/21/2012
Modified: 07/04/2017

Description

The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron.

A race condition was found in the way the crontab program performed file time stamp updates on a temporary file created when editing a user crontab file. A local attacker could use this flaw to change the modification time of arbitrary system files via a symbolic link attack. (CVE-2010-0424)

Red Hat would like to thank Dan Rosenberg for reporting this issue.

This update also fixes the following bugs:

In addition, this update adds the following enhancement:

All vixie-cron users should upgrade to this updated package, which resolves these issues and adds this enhancement.

Solution(s)

  • redhat-upgrade-vixie-cron
  • redhat-upgrade-vixie-cron-debuginfo
