This bug was fixed in the package cron - 3.0pl1-100ubuntu2.1
---------------
cron (3.0pl1-100ubuntu2.1) hardy-security; urgency=low
* SECURITY UPDATE: cron does not check the return code of setgid() and
initgroups(), which under certain circumstances could cause applications
to run with elevated group privileges. Note that the more serious issue
of not checking the return code of setuid() was fixed in 3.0pl1-64.
(LP: #46649)
- do_command.c: check return code of setgid() and initgroups()
- CVE-2006-2607
-- Jamie Strandboge <[email protected]> Tue, 12 May 2009 12:36:21
-0500
--
Cron not checking setgid return value
https://bugs.launchpad.net/bugs/46649
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
