Vulnerability Description
FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | - |
Related Weaknesses (CWE)
References
- https://marc.info/?l=full-disclosure&m=129891323028897&w=2Third Party Advisory
- https://security.netapp.com/advisory/ntap-20211125-0004/Third Party Advisory
- https://www.openwall.com/lists/oss-security/2011/02/28/14Mailing ListThird Party Advisory
- https://marc.info/?l=full-disclosure&m=129891323028897&w=2Third Party Advisory
- https://security.netapp.com/advisory/ntap-20211125-0004/Third Party Advisory
- https://www.openwall.com/lists/oss-security/2011/02/28/14Mailing ListThird Party Advisory
FAQ
What is CVE-2011-1075?
CVE-2011-1075 is a vulnerability with a CVSS score of 3.7 (LOW). FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, wh...
How severe is CVE-2011-1075?
CVE-2011-1075 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1075?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd.