Red Hat Bugzilla – Bug 235882
CVE-2007-1856 crontab denial of service
Last modified: 2007-11-30 17:12:01 EST
+++ This bug was initially created as a clone of Bug #235880 +++
Raphael Marichez of Gentoo reported a denial of service flaw in vixie-cron.
When a hardlink to /etc/crontab is created, cron will stop executing the
/etc/crontab file and deposit an error message in /var/log/cron.
This can be easily tested by running:

    ln /etc/crontab /tmp/crontab
    tail -f /var/log/cron

Here is the patch from Open Wall Linux:
This flaw also affects FC5
Thanks for the patch. Fixed in vixie-cron-4.1-81
Reopening, as this is an unfixed security issue.
Marcela: please push the fixed version into FC6.
Fixed in update vixie-cron-4.1-69.
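
An audit for the condition the report describes (a crontab file that has acquired an extra hard link), given as an added example: it is not part of the original bug thread and is not the Openwall patch. The function names are this example's own, and `other_names` assumes the directory being searched is on the same filesystem as the crontab file, since hard links cannot cross filesystems.

```shell
#!/bin/sh
# Added example: flag crontab files whose hard-link count is not 1.
# Usage: sh audit-crontab-links.sh /etc/crontab /etc/cron.d/*

# link_count FILE: print FILE's hard-link count.
# Parses `ls -ld` (second field) so it does not depend on GNU stat.
link_count() {
    ls -ld -- "$1" | awk '{print $2}'
}

# other_names FILE DIR: print other paths under DIR that share FILE's inode.
# Assumption: DIR is on the same filesystem as FILE, and FILE's path
# contains no glob characters (it is used as a -path pattern).
other_names() {
    inode=$(ls -di -- "$1" | awk '{print $1}')
    find "$2" -xdev -inum "$inode" ! -path "$1" -print
}

# check_crontab_links FILE...: report each regular file and return 1
# if any of them has a link count other than 1.
check_crontab_links() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue          # skip missing files and directories
        n=$(link_count "$f")
        if [ "$n" -ne 1 ]; then
            echo "SUSPECT $f links=$n"
            rc=1
        else
            echo "OK $f links=$n"
        fi
    done
    return $rc
}

# Run the check only when file arguments are given on the command line.
[ "$#" -eq 0 ] || check_crontab_links "$@"
```

When a file is reported as SUSPECT, `other_names /etc/crontab /tmp` lists the extra names under a world-writable directory on the same filesystem; the owner of each extra name shows who created the link.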