RedHat: Moderate: vixie-cron security update
Posted by Benjamin D. Thomas   
RedHat Linux: The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs.
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: vixie-cron security update
Advisory ID:       RHSA-2007:0345-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0345.html
Issue date:        2007-05-17
Updated on:        2007-05-17
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1856 
---------------------------------------------------------------------

1. Summary:

Updated vixie-cron packages that fix a denial of service issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

Raphael Marichez discovered a denial of service bug in the way vixie-cron
verifies crontab file integrity. A local user with the ability to create a
hardlink to /etc/crontab can prevent vixie-cron from executing certain
system cron jobs. (CVE-2007-1856)

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.
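
A check an administrator can run alongside the update, as an added example that is not part of the Red Hat advisory: it reports system crontab files that have more than one hard link and lists the other names of the same inode. It assumes the integrity check mentioned above is sensitive to the file's link count; the function names are hypothetical, and -samefile requires GNU or BSD find.

```shell
#!/bin/sh
# Added example (not from the advisory): audit system crontabs for extra
# hard links. Assumption: cron's integrity check looks at the link count,
# so a system crontab with more than one link deserves investigation.

# cron_extra_links PATH...
# Print every regular file under the given paths with more than one link.
cron_extra_links() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -xdev -type f -links +1 -print
    done
}

# cron_mount_of FILE
# Print the mount point of the filesystem holding FILE. Hard links cannot
# cross filesystems, so this bounds the search for the other names.
cron_mount_of() {
    df -P "$1" | awk 'NR == 2 { print $6 }'
}

# cron_link_peers FILE SEARCH_ROOT
# Print the other path names under SEARCH_ROOT that share FILE's inode.
cron_link_peers() {
    find "$2" -xdev -samefile "$1" -print 2>/dev/null | grep -Fxv -- "$1" || true
}

# cron_link_audit PATH...
# Return 0 when every file has exactly one link; otherwise list each
# affected file with its extra names and return 1.
cron_link_audit() {
    hits=$(cron_extra_links "$@")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        echo "extra hard link(s) to $f:"
        cron_link_peers "$f" "$(cron_mount_of "$f")" | sed 's/^/  /'
    done
    return 1
}

# Run as root, e.g.: sh cron-links.sh /etc/crontab /etc/cron.d
if [ "$#" -gt 0 ]; then
    cron_link_audit "$@"
    exit $?
fi
```

A non-zero exit status means at least one file has an extra link; the owner of each listed peer path shows which account created it.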

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

223662 - crond failed "Days of week" after a few hours on 1st/Jan
235880 - CVE-2007-1856 crontab denial of service

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/vixie-cron-4.1-19.EL3.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/vixie-cron-4.1-19.EL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/vixie-cron-4.1-19.EL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/vixie-cron-4.1-19.EL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/vixie-cron-4.1-47.EL4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/vixie-cron-4.1-47.EL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/vixie-cron-4.1-47.EL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/vixie-cron-4.1-47.EL4.src.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/vixie-cron-4.1-70.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/vixie-cron-4.1-70.el5.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1856
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.