Login
Newsletter
Werbung

Sicherheit: Mangelnde Rechteprüfung in vixie-cron
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in vixie-cron
ID: TLSA-2006-21
Distribution: TurboLinux
Plattformen: Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition
Datum: Sa, 12. August 2006, 03:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2607
Applikationen: vixie-cron

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2006-21
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 11 Aug 2006
Last revised: 11 Aug 2006

Package: vixie-cron

Summary: Setuid return value check problem

More information:
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

Vixie cron does not check the return code of a setuid call.

Impact:
This vulnerability may allow local users to obtain root privileges.

Affected Products:
- Turbolinux Appliance Server 2.0
- Turbolinux FUJI
- Turbolinux 10 Server x64 Edition
- Turbolinux Appliance Server 1.0 Hosting Edition
- Turbolinux Appliance Server 1.0 Workgroup Edition
- Turbolinux 10 Server
- Turbolinux Home
- Turbolinux 10 F...
- Turbolinux 10 Desktop
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 8 Server
- Turbolinux 7 Server


<Turbolinux Appliance Server 2.0>

Source Packages
Size: MD5

vixie-cron-3.0.1-70.src.rpm
93722 e4cdd4019adfbdccc2b8205c5ce81334

Binary Packages
Size: MD5

vixie-cron-3.0.1-70.i586.rpm
85246 387792ff13908e04c4fb0fca8f3f5304

<Turbolinux FUJI>

Source Packages
Size: MD5


Binary Packages
Size: MD5

vixie-cron-3.0.1-70.i686.rpm
56150 0d86cd54a087509673aaaa0ade939a50

<Turbolinux 10 Server x64 Edition>

Source Packages
Size: MD5

vixie-cron-3.0.1-70.src.rpm
93722 cb5cdfe83851bb9daee156f4315286e9

Binary Packages
Size: MD5

vixie-cron-3.0.1-70.x86_64.rpm
87632 9db011c1d84e647d4f420fcbc6426ac4

<Turbolinux Appliance Server 1.0 Hosting Edition>

Source Packages
Size: MD5

vixie-cron-3.0.1-70.src.rpm
93722 33aa15ebce2e355112b94cd3958ff130

Binary Packages
Size: MD5

vixie-cron-3.0.1-70.i586.rpm
57186 895c1f4ffef87702b9f6e3d1a3007ed9

<Turbolinux Appliance Server 1.0 Workgroup Edition>

Source Packages
Size: MD5

vixie-cron-3.0.1-70.src.rpm
93722 422db1e71b35e01af1f785f8fef25573

Binary Packages
Size: MD5

vixie-cron-3.0.1-70.i586.rpm
57390 a88a4b6f4a9c206f1964522f8dc731bc

<Turbolinux 10 Server>

Source Packages
Size: MD5

vixie-cron-3.0.1-70.src.rpm
93722 9843d1f1d6c0f67c47ea03a67241f5d4

Binary Packages
Size: MD5

vixie-cron-3.0.1-70.i586.rpm
85246 387792ff13908e04c4fb0fca8f3f5304

<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux
Multimedia, Turbolinux Personal>

Source Packages
Size: MD5

vixie-cron-3.0.1-70.src.rpm
93722 4d8597dc2a4571b96ca797c630df4fbe

Binary Packages
Size: MD5

vixie-cron-3.0.1-70.i586.rpm
85125 f0ea05bc558d698f0467f3be4e1e18b8

<Turbolinux 8 Server>

Source Packages
Size: MD5

vixie-cron-3.0.1-70.src.rpm
93722 35a1df7c86daad8d69f83d93f803be77

Binary Packages
Size: MD5

vixie-cron-3.0.1-70.i586.rpm
57374 149cd71983849c4643cb9a960f14969a

<Turbolinux 7 Server>

Source Packages
Size: MD5

vixie-cron-3.0.1-70.src.rpm
93722 8da6820cca4816c7b2fe575334e4a2b4

Binary Packages
Size: MD5

vixie-cron-3.0.1-70.i586.rpm
59475 6e108bab1810b36572ca0bf2852f449f


CVE
[CVE-2006-2607]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2607

--------------------------------------------------------------------------
Revision History
11 Aug 2006 Initial release
--------------------------------------------------------------------------

Copyright(C) 2006 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFE3BhEK0LzjOqIJMwRAnjgAJ98y0f81G2jPzw9zzXxxgoBrtEJ/ACdFxYo
EWfSS8+hpWfdOUmv/3PEBo8=
=pIAh
-----END PGP SIGNATURE-----
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung