Vixie Cron Crontab File Disclosure Vulnerability
BID:13024
Info
| Bugtraq ID: | 13024 |
| Class: | Design Error |
| CVE: | CVE-2005-1038 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 06 2005 12:00AM |
| Updated: | Mar 19 2015 09:42AM |
| Credit: | Discovery is credited to Karol Więsek <[email protected]>. |
Vulnerable:
- SuSE SUSE Linux Enterprise Server 9
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 10
- SuSE SUSE Linux Enterprise Desktop 10
- SuSE Linux Professional 10.2 x86_64
- SuSE Linux Personal 10.2 x86_64
- SGI ProPack 3.0 SP6
- S.u.S.E. UnitedLinux 1.0
- S.u.S.E. SuSE Linux Standard Server 8.0
- S.u.S.E. SuSE Linux School Server for i386
- S.u.S.E. SUSE LINUX Retail Solution 8.0
- S.u.S.E. Open-Enterprise-Server 9.0
- S.u.S.E. Open-Enterprise-Server 1
- S.u.S.E. Office Server
- S.u.S.E. Novell Linux Desktop 9.0
- S.u.S.E. Novell Linux Desktop 1.0
- S.u.S.E. Linux Professional 10.0 OSS
- S.u.S.E. Linux Professional 10.0
- S.u.S.E. Linux Professional 9.3 x86_64
- S.u.S.E. Linux Professional 9.3
- S.u.S.E. Linux Professional 9.2 x86_64
- S.u.S.E. Linux Professional 9.2
- S.u.S.E. Linux Professional 9.1 x86_64
- S.u.S.E. Linux Professional 9.1
- S.u.S.E. Linux Professional 10.2
- S.u.S.E. Linux Professional 10.1
- S.u.S.E. Linux Personal 10.0 OSS
- S.u.S.E. Linux Personal 9.3 x86_64
- S.u.S.E. Linux Personal 9.3
- S.u.S.E. Linux Personal 9.2 x86_64
- S.u.S.E. Linux Personal 9.2
- S.u.S.E. Linux Personal 9.1 x86_64
- S.u.S.E. Linux Personal 9.1
- S.u.S.E. Linux Personal 10.2
- S.u.S.E. Linux Personal 10.1
- S.u.S.E. Linux Openexchange Server
- S.u.S.E. Linux Office Server
- S.u.S.E. Linux Enterprise Server for S/390 9.0
- S.u.S.E. Linux Enterprise Server for S/390
- S.u.S.E. Linux Desktop 1.0
- S.u.S.E. Linux Database Server 0
- S.u.S.E. Linux Connectivity Server
- RedHat Enterprise Linux WS 4
- RedHat Enterprise Linux WS 3
- RedHat Enterprise Linux ES 4
- RedHat Enterprise Linux ES 3
- RedHat Desktop 4.0
- RedHat Desktop 3.0
- Red Hat Fedora Core4
- Red Hat Fedora Core3
- Red Hat Enterprise Linux AS 4
- Red Hat Enterprise Linux AS 3
- Paul Vixie Vixie Cron 4.1
- Avaya S8710 R2.0.1
- Avaya S8710 R2.0.0
- Avaya S8700 R2.0.1
- Avaya S8700 R2.0.0
- Avaya S8500 R2.0.1
- Avaya S8500 R2.0.0
- Avaya S8300 R2.0.1
- Avaya S8300 R2.0.0
- Avaya Messaging Storage Server
- Avaya Message Networking
- Avaya Intuity LX
| Not Vulnerable: | |
Discussion
The crontab utility of Vixie cron is reported to be prone to an information-disclosure vulnerability that may allow local attackers to read other users' crontab files.
Reportedly, the issue is a design error: crontab creates a temporary file in the '/tmp' directory insecurely when it is executed with the '-e' option, which is used to edit the current user's crontab.
Attackers may leverage this issue to access potentially sensitive data, which they may then use to carry out further attacks against the affected computer.
Vixie cron 4.1-24_FC3 running on Fedora Core 3 is reported vulnerable. Other versions on different operating systems may be affected as well.
This issue may be specific to Red Hat operating systems and may be related to BID 1845 (HP-UX crontab /tmp File Vulnerability).
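Added example, not Vixie cron's own code: the conventional mitigation for the flaw class described above, a temporary copy of a crontab created under /tmp so that it can be neither pre-empted nor read by another local user. The function names create_private_crontab_copy and private_copy_selfcheck are assumed, and the sample crontab line is constructed.

```c
/* Added example, not Vixie cron's own code: the standard mitigation for the
 * bug class described above (an insecurely created temporary file in /tmp).
 * mkstemp() creates the file with O_CREAT|O_EXCL and mode 0600, so a name
 * that already exists (file or symlink) is never opened, and the fstat()
 * checks reject anything that is not a fresh regular file owned by us. */
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static int discard(int fd, const char *path) { close(fd); unlink(path); return -1; }

/* Write the crontab text to a fresh private /tmp file; returns fd or -1. */
int create_private_crontab_copy(const char *content, char *path_out, size_t path_len)
{
    static const char tmpl[] = "/tmp/crontab.XXXXXX";
    if (path_len < sizeof tmpl)
        return -1;
    memcpy(path_out, tmpl, sizeof tmpl);
    int fd = mkstemp(path_out);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != getuid() || (st.st_mode & 077) != 0)
        return discard(fd, path_out);
    size_t len = strlen(content);
    if (write(fd, content, len) != (ssize_t)len)
        return discard(fd, path_out);
    return fd;
}

/* Self-check: create a copy, confirm no group/other permission bits and that
 * the contents round-trip, then remove it. Returns 1 on success, 0 otherwise. */
int private_copy_selfcheck(void)
{
    const char *sample = "0 3 * * * /usr/local/bin/backup.sh\n"; /* constructed */
    char path[64], buf[128] = {0};
    int fd = create_private_crontab_copy(sample, path, sizeof path);
    if (fd < 0)
        return 0;
    struct stat st;
    int ok = fstat(fd, &st) == 0 && (st.st_mode & 077) == 0 &&
             pread(fd, buf, sizeof buf - 1, 0) == (ssize_t)strlen(sample) &&
             strcmp(buf, sample) == 0;
    close(fd);
    unlink(path);
    return ok;
}
```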
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Please see the referenced advisories for more information and fixes.
Paul Vixie Vixie Cron 4.1
- Fedora vixie-cron-4.1-33_FC3.i386.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora vixie-cron-4.1-33_FC3.x86_64.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora vixie-cron-debuginfo-4.1-33_FC3.i386.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- Fedora vixie-cron-debuginfo-4.1-33_FC3.x86_64.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- RedHat vixie-cron-4.1-36.FC3.i386.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- RedHat vixie-cron-4.1-36.FC3.x86_64.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- RedHat vixie-cron-4.1-36.FC4.i386.rpm (RedHat Fedora Core 4): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
- RedHat vixie-cron-4.1-36.FC4.ppc.rpm (RedHat Fedora Core 4): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
- RedHat vixie-cron-4.1-36.FC4.x86_64.rpm (RedHat Fedora Core 4): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
- RedHat vixie-cron-debuginfo-4.1-36.FC3.i386.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- RedHat vixie-cron-debuginfo-4.1-36.FC3.x86_64.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
- RedHat vixie-cron-debuginfo-4.1-36.FC4.i386.rpm (RedHat Fedora Core 4): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
- RedHat vixie-cron-debuginfo-4.1-36.FC4.ppc.rpm (RedHat Fedora Core 4): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
- RedHat vixie-cron-debuginfo-4.1-36.FC4.x86_64.rpm (RedHat Fedora Core 4): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
References
References:
- ASA-2006-118 - vixie-cron security update (RHSA-2006-0117) (Avaya)
- Fedora Homepage (RedHat)
- RHSA-2005:361-19 - vixie-cron security update (RedHat)
- RHSA-2006:0117-7 - vixie-cron security update (Red Hat)
- crontab from vixie-cron allows read other users crontabs (Karol Więsek)