Vulnerability in Paul_vixie Vixie_cron
CVE-2006-2607
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated…
EPSS: 0.006 (42.4th percentile) — read the EPSS interpretation.
Affected products
- Paul_vixie Vixie_cron — versions 4.1
- N/a — versions n/a
References
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_CONFIRM, Exploit, Patch)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)
- cve@mitre.org (vendor-advisory, x_refsource_SUSE)