Vulnerability Description
incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inotify | Incron | 0.5.5 |
Related Weaknesses (CWE)
References
- http://koji.fedoraproject.org/koji/buildinfo?buildID=134880Patch
- https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5
- http://koji.fedoraproject.org/koji/buildinfo?buildID=134880Patch
- https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5
FAQ
What is CVE-2009-3589?
CVE-2009-3589 is a vulnerability with a CVSS score of 4.6 (MEDIUM). incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users t...
How severe is CVE-2009-3589?
CVE-2009-3589 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3589?
Check the references section above for vendor advisories and patch information. Affected products include: Inotify Incron.