Vixie Cron could allow local attackers to gain root privileges

vixie-cron-gain-privileges (6508)

High Risk

Description:

Vixie Cron could allow a local attacker to gain root privileges. Crontab fails to properly drop privileges in certain cases after a crontab modification operation. A local attacker could exploit this vulnerability to gain root privileges on the system since crontab is installed setuid root.

Platforms Affected:

• Conectiva, Linux 7.0
• Conectiva, Linux 9.0
• Debian, Debian Linux 2.2
• MandrakeSoft, Mandrake Linux 7.1
• MandrakeSoft, Mandrake Linux 7.2
• MandrakeSoft, Mandrake Linux 8.0
• MandrakeSoft, Mandrake Linux Corporate Server 1.0.1
• Paul Vixie, Vixie Cron 3.0pl1
• SuSE, SuSE Linux 7.1

Remedy:

For Debian GNU/Linux 2.2 (potato):
Upgrade to the latest version of Cron (3.0pl1-57.3 or later), as listed in DSA-054-1. See References.

For Linux-Mandrake 7.1 and Corporate Server 1.0.1:
Upgrade to the latest version of Cron (3.0.1-46.4mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:050 : vixie-cron. See References.

For Linux-Mandrake 7.2:
Upgrade to the latest version of Cron (3.0.1-46.3mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:050 : vixie-cron. See References.

For Mandrake Linux8.0:
Upgrade to the latest version of Cron (3.0.1-51.1mdk or later), as listed in MandrakeSoft Security Advisory MDKSA-2001:050 : vixie-cron. See References.

For SuSE Linux 7.1:
Upgrade to the latest version of Cron (3.0.1 or later), as listed in SuSE Security Announcement SuSE-SA:2001:17. See References.

For Conectiva Linux:
Upgrade to the latest vixie-cron package, as listed below. Refer to Conectiva Linux Announcement CLSA-2003:758 for more information. See References.

Conectiva Linux 7.0: 3.0.1-50U70_2cl or later
Conectiva Linux 9: 3.0.1-27403U90_1cl or later

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

• BugTraq Mailing List, Mon May 07 2001 - 17:08:49 CDT, Vixie cron vulnerability at http://archives.neohapsis.com/archives/bugtraq/2001-05/0048.html.
• BugTraq Mailing List, Tue May 08 2001 - 10:30:55 CDT, Re: Vixie cron vulnerability at http://archives.neohapsis.com/archives/bugtraq/2001-05/0056.html.
• BugTraq Mailing List, Tue May 08 2001 - 16:01:21 CDT, Re: Vixie cron vulnerability at http://archives.neohapsis.com/archives/bugtraq/2001-05/0055.html.
• Conectiva Linux Announcement CLSA-2003:628, vixie-cron at http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000628.
• Conectiva Linux Announcement CLSA-2003:758, vixie-cron at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000758.
• SuSE Security Announcement SuSE-SA:2001:017, cron-3.0.1-296 at http://www.suse.com/de/security/2001_017_cron_txt.html.
• BID-2687: Vixie Cron crontab Privilege Lowering Failure Vulnerability
• BID-8759: Conectiva Vixie-Cron Package Potential Denial Of Service Vulnerability
• CVE-2001-0559: crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
• DSA-054: cron -- local root exploit
• MDKSA-2001:050: Updated vixie-cron packages fix local root vulnerability

Reported:

May 07, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page