Vixie Cron ST_Nlink Check Local Denial of Service Vulnerability
BID:23520
Info
| Bugtraq ID: | 23520 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2007-1856 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 16 2007 12:00AM |
| Updated: | Mar 19 2015 09:12AM |
| Credit: | Discovery is credited to Raphael Marichez of the Gentoo Linux Security Team. |
| Vulnerable: |
VMWare ESX Server 3.0.1
VMWare ESX Server 3.0
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 8
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux 5 Server
Paul Vixie Vixie Cron 4.1
Paul Vixie Vixie Cron 3.0.1
Paul Vixie Vixie Cron 3.0 pl1-67
Paul Vixie Vixie Cron 3.0 pl1
Pardus Linux 2007.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
Gentoo Linux
Avaya SES 2.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 2.0
Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server
Avaya Message Networking MN 3.1
Avaya Message Networking
Avaya Intuity LX 2.0
Avaya Intuity LX
Avaya EMMC 0
Avaya Communication Manager 2.0.1
Avaya Communication Manager 2.0
Avaya Communication Manager 4.0
Avaya Communication Manager 3.1
Avaya Communication Manager 3.0
Avaya CCS 3.1.1
Avaya CCS 3.0
Avaya CCS 2.0
Avaya Aura SIP Enablement Services 3.1.1
Avaya Aura SIP Enablement Services 3.0
Avaya Aura Application Enablement Services 3.1.3 |
| Not Vulnerable: | |
Discussion
Vixie Cron is prone to a local denial-of-service vulnerability.
This issue occurs when attackers create hard file links to cron files belonging to both privileged and normal users.
A local attacker may exploit this issue to prevent cron files owned by privileged and non-privileged users from being executed at startup or on the next reload of the cron database.
Vixie Cron versions prior to 4.1-r10 are vulnerable.
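A defender's check for the condition described above, added here as an example (it is not code from this advisory or from Vixie Cron): it lists crontab files in a spool directory whose hard-link count is not 1 and looks for the extra names under given search roots. The spool path, the search roots and all function names are assumptions to adjust per distribution.

```python
import os
import stat

def audit_spool(spool_dir):
    """Return (name, nlink, dev, ino) for regular files whose link count is not 1."""
    flagged = []
    for name in sorted(os.listdir(spool_dir)):
        st = os.lstat(os.path.join(spool_dir, name))  # lstat: never follow symlinks
        if stat.S_ISREG(st.st_mode) and st.st_nlink != 1:
            flagged.append((name, st.st_nlink, st.st_dev, st.st_ino))
    return flagged

def find_extra_links(dev, ino, search_roots, spool_dir):
    """Find other names for the same inode under search_roots (same filesystem only)."""
    spool_real = os.path.realpath(spool_dir)
    hits = []
    for root in search_roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            if os.path.realpath(dirpath) == spool_real:
                continue  # the spool entry itself is not an "extra" link
            for fn in filenames:
                path = os.path.join(dirpath, fn)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue  # file vanished or is unreadable; skip it
                if (st.st_dev, st.st_ino) == (dev, ino):
                    hits.append(path)
    return sorted(hits)

def report(spool_dir, search_roots):
    """Map each flagged crontab name to the extra paths found for its inode."""
    return {name: find_extra_links(dev, ino, search_roots, spool_dir)
            for name, _nlink, dev, ino in audit_spool(spool_dir)}

if __name__ == "__main__":
    # Assumed locations, not taken from the advisory.
    roots = ["/tmp", "/var/tmp", "/home"]
    for name, links in report("/var/spool/cron/crontabs", roots).items():
        print(f"{name}: link count != 1, extra links: {links or 'not found under roots'}")
```

Hard links cannot cross filesystems, so the search roots only need to cover user-writable directories on the same filesystem as the spool.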
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error
or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References