New Search

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.

oval:org.mitre.oval:def:10213

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2006-2607
Product(s):