Product: Solaris 8, Solaris 9, Solaris 10
A race condition security vulnerability in the Solaris crontab(1) utility may allow a local unprivileged user to inject arbitrary cron(1M) jobs into another local user's crontab file, leading to execution of arbitrary code with the privileges of that user. This condition may also be exploited to inject arbitrary entries into the root user's crontab file under certain circumstances, thereby allowing the local unprivileged user to execute arbitrary code with the privileges of the root user.
Sun acknowledges, with thanks, Charles Morris of Old Dominion University for discovering and reporting this issue.
State: Resolved
First released: 30-May-2008