CVE-2007-1856 – crontab denial of service
https://notcve.org/view.php?id=CVE-2007-1856
Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. Vixie Cron anterior a 4.1-r10 en Gentoo Linux es instalado con permisos inseguros, lo cual permite a usuarios locales provocar una denegación de servicio (fallo de cron) creando enlaces duros (hard links), lo cual resulta en el fallo de la comprobación st_nlink en database.c. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://rhn.redhat.com/errata/RHSA-2007-0345.html http://secunia.com/advisories/24905 http://secunia.com/advisories/24995 http://secunia.com/advisories/25321 http://secunia.com/advisories/25723 http://secunia.com/advisories/26909 http://secunia.com/advisories/27706 http://secunia.com/advisories/27886 http://security.gentoo.org/glsa/glsa-200704-11.xml http://support.avaya.com/elmodocs2/security/ASA- •
CVE-2006-2607 – Jobs start from root when pam_limits enabled
https://notcve.org/view.php?id=CVE-2006-2607
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf. • http://bugs.gentoo.org/show_bug.cgi?id=134194 http://secunia.com/advisories/20380 http://secunia.com/advisories/20388 http://secunia.com/advisories/20616 http://secunia.com/advisories/21032 http://secunia.com/advisories/21702 http://secunia.com/advisories/35318 http://security.gentoo.org/glsa/glsa-200606-07.xml http://securitytracker.com/id?1016480 http://support.avaya.com/elmodocs2/security/ASA-2006-168.htm http://www.novell.com/linux/security/advisories/2006-05-32.html •
CVE-2005-1038
https://notcve.org/view.php?id=CVE-2005-1038
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://secunia.com/advisories/19532 http://secunia.com/advisories/20666 http://secunia.com/advisories/24995 http://support.avaya.com/elmodocs2/security/ASA-2006-118.htm http://www.novell.com/linux/security/advisories/2007_007_suse.html http://www.redhat.com/support/errata/RHSA-2005-361.html http://www.redhat.com/support/errata/RHSA-2006-0117.html http://www.securityfocus.com/archive/1/395093 http://ww •
CVE-1999-0872
https://notcve.org/view.php?id=CVE-1999-0872
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file. • http://www.securityfocus.com/bid/611 http://www.securityfocus.com/bid/759 •
CVE-1999-0769 – Caldera OpenLinux 2.2 / Debian 2.1/2.2 / RedHat 6.0 - Vixie Cron MAILTO Sendmail
https://notcve.org/view.php?id=CVE-1999-0769
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable. • https://www.exploit-db.com/exploits/19474 http://www.securityfocus.com/bid/611 •