CVE Reference: CVE-2010-0424

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-0424

Description:
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA38700
  Secunia Advisory: SA38741

FEDORA
  http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035762.html

CONFIRM
  http://git.fedorahosted.org/git/cronie.git?p=cronie.git;a=commit;h=9e4a8fa5f9171fb724981f53879c9b20264aeb61

BID
  38391


Return to the previous page.