ID CVE-2007-1856
Summary Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.
References
Vulnerable Configurations
  • Gentoo Linux
    cpe:2.3:o:gentoo:linux
  • cpe:2.3:a:paul_vixie:vixie_cron:4.1
    cpe:2.3:a:paul_vixie:vixie_cron:4.1
CVSS
Base: 2.1 (as of 18-04-2007 - 10:10)
Impact:
Exploitability:
Access
  Vector LOCAL
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0345.NASL
    description Updated vixie-cron packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856) All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25254
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25254
    title CentOS 3 / 4 / 5 : vixie-cron (CESA-2007:0345)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0345.NASL
    description Updated vixie-cron packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856) All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25267
    published 2007-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25267
    title RHEL 3 / 4 / 5 : vixie-cron (RHSA-2007:0345)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070517_VIXIE_CRON_ON_SL5_X.NASL
    description Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60186
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60186
    title Scientific Linux Security Update : vixie-cron on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CRON-3092.NASL
    description By setting hard links to /etc/crontab users were able to prevent cron from running scheduled jobs (CVE-2007-1856). A re-emerged symlink bug allowed users to edit the crontab of other users (CVE-2005-1038).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27190
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27190
    title openSUSE 10 Security Update : cron (cron-3092)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CRON-3831.NASL
    description By setting hard links to /etc/crontab users were able to prevent cron from running scheduled jobs. (CVE-2007-1856) A re-emerged symlink bug allowed users to edit the crontab of other users. (CVE-2005-1038) This is a reissue of the SLES10 update after Service Pack 1, since Service Pack 1 merge lost some of the fixes in the cron package.
    last seen 2019-02-21
    modified 2014-05-22
    plugin id 29408
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29408
    title SuSE 10 Security Update : cron (ZYPP Patch Number 3831)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0345.NASL
    description From Red Hat Security Advisory 2007:0345 : Updated vixie-cron packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856) All users of vixie-cron should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67493
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67493
    title Oracle Linux 3 / 4 / 5 : vixie-cron (ELSA-2007-0345)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200704-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-200704-11 (Vixie Cron: Denial of Service) During an internal audit, Raphael Marichez of the Gentoo Linux Security Team found that Vixie Cron has weak permissions set on Gentoo, allowing for a local user to create hard links to system and users cron files, while a st_nlink check in database.c will generate a superfluous error. Impact : Depending on the partitioning scheme and the 'cron' group membership, a malicious local user can create hard links to system or users cron files that will trigger the st_nlink safety check and prevent the targeted cron file from being run from the next restart or database reload. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25056
    published 2007-04-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25056
    title GLSA-200704-11 : Vixie Cron: Denial of Service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CRON-3093.NASL
    description By setting hard links to /etc/crontab users were able to prevent cron from running scheduled jobs. (CVE-2007-1856) A re-emerged symlink bug allowed users to edit the crontab of other users. (CVE-2005-1038)
    last seen 2019-02-21
    modified 2014-05-22
    plugin id 29407
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29407
    title SuSE 10 Security Update : cron (ZYPP Patch Number 3093)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-234.NASL
    description Raphael Marichez discovered a denial of service bug in how vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab could prevent vixie-cron from executing certain system cron jobs. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 29201
    published 2007-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29201
    title Mandrake Linux Security Advisory : vixie-cron (MDKSA-2007:234)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2007-0006.NASL
    description Problems addressed by these patches : I Arbitrary code execution and denial of service vulnerabilities This release fixes a security vulnerability that could allow a guest operating system user with administrative privileges to cause memory corruption in a host process, and thus potentially execute arbitrary code on the host. (CVE-2007-4496) This release fixes a denial of service vulnerability that could allow a guest operating system to cause a host process to become unresponsive or exit unexpectedly. (CVE-2007-4497) Thanks to Rafal Wojtczvk of McAfee for identifying and reporting these issues. II Hosted products DHCP security vulnerabilities addressed This release fixes several vulnerabilities in the DHCP server that could enable specially crafted packets to gain system-level privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063) Thanks to Neel Mehta and Ryan Smith of the IBM Internet Security Systems X-Force for discovering and researching these vulnerabilities. III Windows based hosted product vulnerability in IntraProcessLogging.dll and vielib.dll. This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file IntraProcessLogging.dll to overwrite files in a system. (CVE-2007-4059) This release fixes a security vulnerability that could allow a malicious remote user to exploit the library file vielib.dll to overwrite files in a system. (CVE-2007-4155) Thanks to the Goodfellas Security Research Team for discovering and researching these vulnerabilities. IV Escalation of privileges on Windows hosted systems This release fixes a security vulnerability in which Workstation was starting registered Windows services in an insecure manner. This vulnerability could allow a malicious user to escalate user privileges. Thanks to Foundstone for discovering this vulnerability. V Potential denial of service using VMware Player This release fixes a problem that prevented VMware Player from launching. 
This problem was accompanied by the error message VMware Player unrecoverable error: (player) Exception 0xc0000005 (access violation) has occurred. VI ESX Service Console updates a. Service console package Samba, has been updated to address the following issues : Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. (CVE-2007-2446) Unescaped user input parameters were being passed as arguments to /bin/sh. A remote, authenticated, user could have triggered this flaw and executed arbitrary code on the server. Additionally, this flaw could be triggered by a remote unauthenticated user if Samba was configured to use the non-default username map script option. (CVE-2007-2447) Thanks to the Samba developers, TippingPoint, and iDefense for identifying and reporting these issues. Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 b. Updated bind package for the service console fixes a flaw with the way ISC BIND processed certain DNS query responses. ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. Under some circumstances, a malicious remote user could launch a Denial-of-Service attack on ESX Server hosts that had enabled DNSSEC validation. (CVE-2007-0494) Note: These issues only affect the service console network, and are not remote vulnerabilities for ESX Server hosts that have been set up with the security best practices provided by VMware. http://www.vmware.com/resources/techresources/726 c. This patch provides updated service console package krb5 update. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CVE-2007-2442, CVE-2007-2443, and CVE-2007-2798 to these security issues. Thanks to Wei Wang of McAfee Avert Labs for discovering these vulnerabilities. Note: The VMware service console does not provide the kadmind binary, and is not affected by these issues, but an update has been provided for completeness. d. Service console update for vixie-cron This patch provides an updated service console package vixie-cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. A denial of service issue was found in the way vixie-cron verified crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab could potentially prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856) Thanks to Raphael Marichez for identifying this issue. e. Service console update for shadow-utils This patch provides an updated shadow-utils package. A new user's mailbox, when created, could have random permissions for a short period. This could enable a local malicious user to read or modify the mailbox. (CVE-2006-1174) f. Service console update for OpenLDAP This patch provides an updated OpenLDAP package. A flaw could allow users with selfwrite access to modify the distinguished name of any user, instead of being limited to modify only their own distinguished name. (CVE-2006-4600) g. Service console update for PAM This patch provides an updated PAM package. A vulnerability was found that could allow console users with access to certain device files to cause damage to recordable CD drives. Certain file permissions have now been modified to disallow access. (CVE-2004-0813) A flaw was found with console device permissions. It was possible for various console devices to retain ownership of the previous console user after logging out, which could result in leakage of information to an unauthorized user. (CVE-2007-1716) h. 
Service console update for GCC This patch provides security fixes for the service console GNU Compiler Collection (GCC) packages that include C, C++, Java, Fortran 77, Objective C, and Ada 95 GNU compilers and related support libraries. A flaw was found in the fastjar utility that could potentially allow a malicious user to create a JAR file which, if unpacked using fastjar, could write to any file that an authorized user had write access to. (CVE-2006-3619) Thanks to Jürgen Weigert for identifying this issue. i. Service Console update for GDB This patch provides a security fix for the service console GNU debugger (GDB). Various vulnerabilities were found in GDB. These vulnerabilities may allow a malicious user to deceive a user into loading debugging information into GDB, enabling the execution of arbitrary code with the privileges of the user. (CVE-2006-4146)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40370
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40370
    title VMSA-2007-0006 : Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
oval via4
accepted 2013-04-29T04:14:13.362-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.
family unix
id oval:org.mitre.oval:def:11463
status accepted
submitted 2010-07-09T03:56:16-04:00
title Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.
version 24
redhat via4
advisories
bugzilla
id 235880
title CVE-2007-1856 crontab denial of service
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • comment vixie-cron is earlier than 0:4.1-19.EL3
      oval oval:com.redhat.rhsa:tst:20070345002
    • comment vixie-cron is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070345003
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment vixie-cron is earlier than 4:4.1-47.EL4
      oval oval:com.redhat.rhsa:tst:20070345005
    • comment vixie-cron is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070345003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment vixie-cron is earlier than 4:4.1-70.el5
      oval oval:com.redhat.rhsa:tst:20070345007
    • comment vixie-cron is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070345008
rhsa
id RHSA-2007:0345
released 2007-05-17
severity Moderate
title RHSA-2007:0345: vixie-cron security update (Moderate)
rpms
  • vixie-cron-0:4.1-19.EL3
  • vixie-cron-4:4.1-47.EL4
  • vixie-cron-4:4.1-70.el5
refmap via4
bid 23520
confirm http://support.avaya.com/elmodocs2/security/ASA-2007-261.htm
fulldisc 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
gentoo GLSA-200704-11
mandriva MDKSA-2007:234
sectrack 1018081
secunia
  • 24905
  • 24995
  • 25321
  • 25723
  • 26909
  • 27706
  • 27886
suse SUSE-SR:2007:007
vupen ADV-2007-3229
Last major update 07-03-2011 - 21:53
Published 17-04-2007 - 23:19
Last modified 10-10-2017 - 21:32