rPSA-2006-0082-1 vixie-cron May 25 2006 07:31PM
Justin M. Forbes (jmforbes rpath com)
rPath Security Advisory: 2006-0082-1
Published: 2006-05-25
Products: rPath Linux 1
Rating: Critical
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:


In previous versions of the vixie-cron package, when the
/etc/security/limits.conf file has been set up with limits for
any user, and that user has permission to use the cron facility,
that user can use vixie-cron to run arbitrary programs as root by
exceeding the limits set in /etc/security/limits.conf.

By default, rPath Linux does not include any limits configured
in the /etc/security/limits.conf file. The /etc/security/limits.conf
file is provided by the pam:data component, so to determine whether
it has been changed in any way, run the command:

# conary verify pam:data | grep /etc/security/limits.conf

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus