Debian Security Advisory
cron -- local privilege escalation
- Date Reported:
- 18 Nov 2000
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2000-1096.
- More information:
- The version of Vixie Cron shipped with Debian
GNU/Linux 2.2 is vulnerable to a local attack, discovered by Michal
Zalewski. Several problems, including insecure permissions on
temporary files and race conditions in their deletion, allowed attacks
from a denial of service (preventing the editing of crontabs) to an
escalation of privilege (when another user edited their crontab).
As a temporary fix, "chmod go-rx /var/spool/cron/crontabs" prevents the only available exploit; however, it does not address the problem. We recommend upgrading to version 3.0pl1-57.1, for Debian 2.2, or 3.0pl1-61, for Debian unstable.
Also, in the new cron packages, it is no longer possible to specify special files (devices, named pipes, etc.) by name to crontab. Note that this is not so much a security fix as a sanity check.
Note: Debian GNU/Linux 2.1 is vulnerable to this attack. We recommend upgrading to Debian GNU/Linux 2.2 (potato).
- Fixed in:
Debian GNU/Linux 2.2 (potato)