BID:18108

Vixie Cron PAM_Limits Local Privilege Escalation Vulnerability

CVE-2006-2607 |

Info

Vixie Cron PAM_Limits Local Privilege Escalation Vulnerability

Bugtraq ID:	18108
Class:	Design Error
CVE:	CVE-2006-2607
Remote:	No
Local:	Yes
Published:	May 25 2006 12:00AM
Updated:	Jun 01 2009 07:49PM
Credit:	Discovery is credited to Roman Veretelnikov.
Vulnerable:	Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 x86 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux FUJI Turbolinux Turbolinux 10 F... TurboLinux Personal TurboLinux Multimedia Turbolinux Home Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 TransSoft Broker FTP Server 8.0 TransSoft Broker FTP Server 7.0 SuSE SUSE Linux Enterprise Server 8 + Linux kernel 2.4.21 + Linux kernel 2.4.19 SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 S.u.S.E. UnitedLinux 1.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 10.1 Redhat Fedora Core4 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 Paul Vixie Vixie Cron 4.1 + Redhat Fedora Core3 Gentoo Linux Avaya Messaging Storage Server MM3.0

Not Vulnerable:

Discussion

Vixie Cron PAM_Limits Local Privilege Escalation Vulnerability

Vixie cron is prone to a local privilege-escalation vulnerability because the application fails to properly drop superuser privileges in certain circumstances when executing jobs.

This issue allows local attackers who have been authorized to execute cron jobs to run arbitrary commands with superuser privileges. This facilitates the complete compromise of affected computers.

Vixie cron 4.1 is vulnerable when used in conjunction with pam_limits. Other versions may also be affected.

Exploit / POC

Vixie Cron PAM_Limits Local Privilege Escalation Vulnerability

To trigger this issue, attackers use the affected cron utility in a normal manner.

Solution / Fix

Vixie Cron PAM_Limits Local Privilege Escalation Vulnerability

Solution:
Updates are available. Please see the references for more information.

Ubuntu Ubuntu Linux 8.04 LTS powerpc