VULHUB ™

The Conectiva Vixie-Cron package has been reported prone to a potential denial of service vulnerability. The issue was introduced in a previous Vixie-Cron package update that was designed to address the vulnerability described in BID 2687. This package was found to introduce a problem whilst using cron.allow and cron.deny, to control access to the crontab application. It has been reported that if these files contain more than one user the crontab program will fail. A local attacker, who has the ability to write data into cron.allow and cron.deny files, may instigate an efficient denial of service against the crontab program.

The Conectiva Vixie-Cron package has been reported prone to a potential denial of service vulnerability. The issue was introduced in a previous Vixie-Cron package update that was designed to address the vulnerability described in BID 2687. This package was found to introduce a problem whilst using cron.allow and cron.deny, to control access to the crontab application. It has been reported that if these files contain more than one user the crontab program will fail. A local attacker, who has the ability to write data into cron.allow and cron.deny files, may instigate an efficient denial of service against the crontab program.