ID CVE-2006-2607
Summary do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
References
Vulnerable Configurations
  • cpe:2.3:a:paul_vixie:vixie_cron:4.1
    cpe:2.3:a:paul_vixie:vixie_cron:4.1
CVSS
Base: 7.2 (as of 26-05-2006 - 10:12)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CRON-1440.NASL
    description A missing check on the return value of setuid() in vixie-cron could be used by a local user to gain root privileges by exhausting resource limits and waiting for a cronjob to trigger. This is tracked by the Mitre CVE ID CVE-2006-2607.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27189
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27189
    title openSUSE 10 Security Update : cron (cron-1440)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200606-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200606-07 (Vixie Cron: Privilege Escalation) Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid() in do_command.c fails due to a user exceeding assigned resource limits. Impact : Local users can execute code with root privileges by deliberately exceeding their assigned resource limits and then starting a command through Vixie Cron. This requires resource limits to be in place on the machine. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21680
    published 2006-06-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21680
    title GLSA-200606-07 : Vixie Cron: Privilege Escalation
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0539.NASL
    description Updated vixie-cron packages that fix a privilege escalation issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A privilege escalation flaw was found in the way Vixie Cron runs programs; vixie-cron does not properly verify an attempt to set the current process user id succeeded. It was possible for a malicious local users who exhausted certain limits to execute arbitrary commands as root via cron. (CVE-2006-2607) All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22036
    published 2006-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22036
    title CentOS 4 : vixie-cron (CESA-2006:0539)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-778-1.NASL
    description It was discovered that cron did not properly check the return code of the setgid() and initgroups() system calls. A local attacker could use this to escalate group privileges. Please note that cron versions 3.0pl1-64 and later were already patched to address the more serious setuid() check referred to by CVE-2006-2607. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38984
    published 2009-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38984
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cron vulnerability (USN-778-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0539.NASL
    description Updated vixie-cron packages that fix a privilege escalation issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A privilege escalation flaw was found in the way Vixie Cron runs programs; vixie-cron does not properly verify an attempt to set the current process user id succeeded. It was possible for a malicious local users who exhausted certain limits to execute arbitrary commands as root via cron. (CVE-2006-2607) All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22043
    published 2006-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22043
    title RHEL 4 : vixie-cron (RHSA-2006:0539)
oval via4
accepted 2013-04-29T04:03:35.897-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
family unix
id oval:org.mitre.oval:def:10213
status accepted
submitted 2010-07-09T03:56:16-04:00
title do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
version 23
redhat via4
advisories
bugzilla
id 193146
title CVE-2006-2607 Jobs start from root when pam_limits enabled
oval
AND
comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0539
released 2006-07-12
severity Important
title RHSA-2006:0539: vixie-cron security update (Important)
refmap via4
bid 18108
bugtraq 20060525 rPSA-2006-0082-1 vixie-cron
confirm
gentoo GLSA-200606-07
sectrack 1016480
secunia
  • 20380
  • 20388
  • 20616
  • 21032
  • 21702
  • 35318
suse SUSE-SA:2006:027
ubuntu USN-778-1
vupen ADV-2006-2075
xf vixie-cron-docommand-gain-privilege(26691)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-03-2011 - 21:36
Published 25-05-2006 - 16:02
Last modified 18-10-2018 - 12:40
Back to Top