Product: Solaris 8, Solaris 9, Solaris 10
A race condition security vulnerability in the Solaris crontab(1)utility may allow a local unprivileged user to inject arbitrarycron(1M) jobs into another local user's crontab file, leading toexecution of arbitrary code with the privileges of that user. Thiscondition may also be exploited to inject arbitrary entries into theroot user's crontab file under certain circumstances, thereby allowingthe local unprivileged user to execute arbitrary code with theprivileges of the root user.
Sun acknowledges with thanks, Charles Morris of Old Dominion Universityfor discovering and reporting this issue.
First released: 30-May-2008