+++ This bug was initially created as a clone of Bug #235880 +++ Raphael Marichez of Gentoo reported a denial of service flaw in vixie-cron. By creating a hardlink to /etc/crontab, cron will stop executing the /etc/crontab file and deposit an error message in /var/log/cron. This can be easily tested by running: ln /etc/crontab /tmp/crontab tail -f /var/log/cron Here is the patch from Open Wall Linux: http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/vixie-cron/vixie-cron-4.1.20060426-owl-st_nlink.diff?rev=1.1;content-type=text%2Fplain This flaw also affects FC5
Thanks for patch. Fixed in vixie-cron-4.1-81
Reopening, as this is an unfixed security issue. Marcela: please push the fixed version into FC6.
Fixed in update vixie-cron-4.1-69.