• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Vixie Cron Crontab File Disclosure Vulnerability

Vixie cron crontab is reported prone to an information-disclosure vulnerability that may allow local attackers to access users' crontab files.

Reportedly, this issue arises due to a design error resulting in the insecure creation of a temporary file in the '/tmp' directory. This occurs when crontab is executed with the '-e' option used for editing the current crontab.

Attackers may leverage this issue to access potentially sensitive data, which they may use to carry out further attacks against a computer.

Vixie cron 4.1-24_FC3 running on Fedora Core 3 is reported vulnerable. Other versions on different operating systems may be affected as well.

This issue may be specific to Red Hat operating systems and may be related to BID 1845 (HP-UX crontab /tmp File Vulnerability).