Vixie Cron could allow local attackers to gain root privileges
| vixie-cron-gain-privileges (6508) |  High Risk |
Description:
Vixie Cron could allow a local attacker to gain root privileges. Crontab fails to properly drop privileges in certain cases after a crontab modification operation. A local attacker could exploit this vulnerability to gain root privileges on the system since crontab is installed setuid root.
Platforms Affected:
- Conectiva, Linux 7.0
- Conectiva, Linux 9.0
- Debian, Debian Linux 2.2
- MandrakeSoft, Mandrake Linux 7.1
- MandrakeSoft, Mandrake Linux 7.2
- MandrakeSoft, Mandrake Linux 8.0
- MandrakeSoft, Mandrake Linux Corporate Server 1.0.1
- Paul Vixie, Vixie Cron 3.0pl1
- SuSE, SuSE Linux 7.1
Remedy:
For Debian GNU/Linux 2.2 (potato):
Upgrade to the latest version of Cron (3.0pl1-57.3 or later), as listed in DSA-054-1. See References.
For Linux-Mandrake 7.1 and Corporate Server 1.0.1:
Upgrade to the latest version of Cron (3.0.1-46.4mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:050 : vixie-cron. See References.
For Linux-Mandrake 7.2:
Upgrade to the latest version of Cron (3.0.1-46.3mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:050 : vixie-cron. See References.
For Mandrake Linux8.0:
Upgrade to the latest version of Cron (3.0.1-51.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:050 : vixie-cron. See References.
For SuSE Linux 7.1:
Upgrade to the latest version of Cron (3.0.1 or later), as listed in SuSE Security Announcement SuSE-SA:2001:17. See References.
For Conectiva Linux:
Upgrade to the latest vixie-cron package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:758 for more information. See References.
Conectiva Linux 7.0: 3.0.1-50U70_2cl or later
Conectiva Linux 9: 3.0.1-27403U90_1cl or later
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Gain Privileges
References:
- BugTraq Mailing List, Mon May 07 2001 - 17:08:49 CDT, Vixie cron vulnerability at http://archives.neohapsis.com/archives/bugtraq/2001-05/0048.html.
- BugTraq Mailing List, Tue May 08 2001 - 10:30:55 CDT, Re: Vixie cron vulnerability at http://archives.neohapsis.com/archives/bugtraq/2001-05/0056.html.
- BugTraq Mailing List, Tue May 08 2001 - 16:01:21 CDT, Re: Vixie cron vulnerability at http://archives.neohapsis.com/archives/bugtraq/2001-05/0055.html.
- Conectiva Linux Announcement CLSA-2003:628, vixie-cron at http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000628.
- Conectiva Linux Announcement CLSA-2003:758, vixie-cron at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000758.
- SuSE Security Announcement SuSE-SA:2001:017, cron-3.0.1-296 at http://www.suse.com/de/security/2001_017_cron_txt.html.
- BID-2687: Vixie Cron crontab Privilege Lowering Failure Vulnerability
- BID-8759: Conectiva Vixie-Cron Package Potential Denial Of Service Vulnerability
- CVE-2001-0559: crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
- DSA-054: cron -- local root exploit
- MDKSA-2001:050: Updated vixie-cron packages fix local root vulnerability
Reported:
May 07, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net