Race condition was found in the way vixie-cron and cronie used to set up timestamp (modification time) for crontab file of the individual user by editing the file. A local attacker could use this flaw to conduct unintended changes of timestamp (modification time) value against various system files, potentially leading to denial of their service. Acknowledgements: Red Hat would like to thank Dan Rosenberg for reporting this issue.
This issue affects the versions of the vixie-cron package, as shipped with Red Hat Enterprise Linux 3, 4, and 5. This issue affects the versions of the cronie package, as shipped with Fedora release of 11 and 12.
CVE-2010-0424 has been assigned for this.
cronie-1.4.3-4.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/cronie-1.4.3-4.fc12
cronie-1.4.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/cronie-1.4.4-1.fc13
cronie-1.4.3-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
cronie-1.4.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
cronie-1.3-4.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/cronie-1.3-4.fc11
cronie-1.3-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
Statement: (none)
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0304 https://rhn.redhat.com/errata/RHSA-2012-0304.html