CVE-2010-0424

Publication date 25 February 2010

Last updated 24 July 2024

The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cron	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

kees

Debian cron is vixie 3.0-based, not 4.1-based, this was in 4.1 and later

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2010-0424