Vulnerability in Fedorahosted Cronie

CVE-2010-0424

The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a tem…

EPSS: 0.003 (26.3th percentile) — read the EPSS interpretation.

Affected products

Fedorahosted Cronie
Paul_vixie Vixie_cron
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM)