Vulnerability Description
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedorahosted | Cronie | <= 1.4.3 |
| Paul Vixie | Vixie Cron | All versions |
Related Weaknesses (CWE)
References
- http://git.fedorahosted.org/git/cronie.git?p=cronie.git%3Ba=commit%3Bh=9e4a8fa5f
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035762.h
- http://secunia.com/advisories/38700 (Vendor Advisory)
- http://secunia.com/advisories/38741 (Vendor Advisory)
- http://secunia.com/advisories/48104
- http://www.securityfocus.com/bid/38391
- https://bugzilla.redhat.com/show_bug.cgi?id=565809
FAQ
What is CVE-2010-0424?
CVE-2010-0424 is a vulnerability with a CVSS score of 3.3 (LOW). The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of...
How severe is CVE-2010-0424?
CVE-2010-0424 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0424?
Check the references section above for vendor advisories and patch information. Affected products include: Fedorahosted Cronie, Paul Vixie Vixie Cron.