CVE-2010-0424
cronie < 1.4.4 - Denial of Service via Symlink Attack on Temporary File
Title source: llmDescription
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.
References (7)
Core 7
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=565809
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38700
Various Sources x_refsource_confirm
http://git.fedorahosted.org/git/cronie.git?p=cronie.git%3Ba=commit%3Bh=9e4a8fa5f9171fb724981f53879c9b20264aeb61
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035762.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38741
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48104
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38391
Scores
EPSS
0.0035
EPSS Percentile
26.3%
Details
CWE
CWE-59
Status
published
Products (2)
fedorahosted/cronie
< 1.4.3
paul_vixie/vixie_cron
Published
Feb 25, 2010
Tracked Since
Feb 18, 2026