Vixie Cron PAM_Limits Local Privilege Escalation Vulnerability

Vixie Cron PAM_Limits Local Privilege Escalation Vulnerability

Vixie cron is prone to a local privilege-escalation vulnerability because the application fails to properly drop superuser privileges in certain circumstances when executing jobs.

This issue allows local attackers who have been authorized to execute cron jobs to run arbitrary commands with superuser privileges. This facilitates the complete compromise of affected computers.

Vixie cron 4.1 is vulnerable when used in conjunction with pam_limits. Other versions may also be affected.