Mangelnde Rechteprüfung in vixie-cron
ID: | TLSA-2006-21 |
Distribution: | TurboLinux |
Plattformen: | Turbolinux FUJI, Turbolinux 10 Server, Turbolinux 10 Server x64 Edition, Turbolinux Appliance Server 2.0, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 8 Server, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
Datum: | Sa, 12. August 2006, 03:50 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2607 |
Applikationen: | vixie-cron |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2006-21 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 11 Aug 2006 Last revised: 11 Aug 2006 Package: vixie-cron Summary: Setuid return value check problem More information: The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Vixie cron does not check the return code of a setuid call. Impact: This vulnerability may allow local users to obtain root privileges. Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux FUJI - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server - Turbolinux 7 Server |