CVE-2006-2607

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/05/2006
Last modified:
03/04/2025

Description

do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:paul_vixie:vixie_cron:4.1:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools