Sun Alert 237864 A Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code

Product: Solaris 8, Solaris 9, Solaris 10

A race condition security vulnerability in the Solaris crontab(1) utility may allow a local unprivileged user to inject arbitrary cron(1M) jobs into another local user's crontab file, leading to execution of arbitrary code with the privileges of that user. This condition may also be exploited to inject arbitrary entries into the root user's crontab file under certain circumstances, thereby allowing the local unprivileged user to execute arbitrary code with the privileges of the root user.

Sun acknowledges with thanks Charles Morris of Old Dominion University for discovering and reporting this issue.

State: Resolved
First released: 30-May-2008