Advisories:rPSA-2006-0082
From rPath Wiki
rPath Security Advisory 2006-0082-2
Published: 2006-05-25
Updated
- 2006-05-25 Reference the assigned CVE number
Products
- rPath Linux 1
Rating
- Critical
Exposure Level Classification
- Local Root Deterministic Privilege Escalation
Updated Versions
- vixie-cron=conary.rpath.com@rpl:1/4.1-5.2-1
rPath Issue Tracking System
References
Description
- In previous versions of the vixie-cron package, when the
- /etc/security/limits.conf file has been set up with limits for
- any user, and that user has permission to use the cron facility,
- that user can use vixie-cron to run arbitrary programs as root by
- exceeding the limits set in /etc/security/limits.conf.
- By default, rPath Linux does not include any limits configured
- in the /etc/security/limits.conf file. The /etc/security/limits.conf
- file is provided by the pam:data component, so to determine whether
- it has been changed in any way, run the command:
- conary verify pam:data | grep /etc/security/limits.conf
Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html