Red Hat Bugzilla – Bug 565809
CVE-2010-0424 vixie-cron, cronie: Race condition by setting timestamp of user's crontab file, when editing the file
Last modified: 2015-07-31 07:50:07 EDT
Race condition was found in the way vixie-cron and cronie
used to set up timestamp (modification time) for crontab
file of the individual user by editing the file. A local
attacker could use this flaw to conduct unintended changes
of timestamp (modification time) value against various
system files, potentially leading to denial of their service.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
This issue affects the versions of the vixie-cron package,
as shipped with Red Hat Enterprise Linux 3, 4, and 5.
This issue affects the versions of the cronie package,
as shipped with Fedora release of 11 and 12.
CVE-2010-0424 has been assigned for this.
cronie-1.4.3-4.fc12 has been submitted as an update for Fedora 12.
cronie-1.4.4-1.fc13 has been submitted as an update for Fedora 13.
cronie-1.4.3-4.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
cronie-1.4.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
cronie-1.3-4.fc11 has been submitted as an update for Fedora 11.
cronie-1.3-4.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2012:0304 https://rhn.redhat.com/errata/RHSA-2012-0304.html