RHEL 5 : vixie-cron (RHSA-2012:0304)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An updated vixie-cron package that fixes one security issue, several
bugs, and adds one enhancement is now available for Red Hat Enterprise
Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
The vixie-cron package adds improved security and more powerful
configuration options to the standard version of cron.

A race condition was found in the way the crontab program performed
file time stamp updates on a temporary file created when editing a
user crontab file. A local attacker could use this flaw to change the
modification time of arbitrary system files via a symbolic link
attack. (CVE-2010-0424)

Red Hat would like to thank Dan Rosenberg for reporting this issue.

This update also fixes the following bugs :

* Cron jobs of users with home directories mounted on a Lightweight
Directory Access Protocol (LDAP) server or Network File System (NFS)
were often refused because jobs were marked as orphaned (typically due
to a temporary NSS lookup failure, when NIS and LDAP servers were
unreachable). With this update, a database of orphans is created, and
cron jobs are performed as expected. (BZ#455664)

* Previously, cron did not log any errors if a cron job file located
in the /etc/cron.d/ directory contained invalid entries. An upstream
patch has been applied to address this problem and invalid entries in
the cron job files now produce warning messages. (BZ#460070)

* Previously, the '@reboot' crontab macro incorrectly ran jobs when
the crond daemon was restarted. If the user used the macro on multiple
machines, all entries with the '@reboot' option were executed every
time the crond daemon was restarted. With this update, jobs are
executed only when the machine is rebooted. (BZ#476972)

* The crontab utility is now compiled as a position-independent
executable (PIE), which enhances the security of the system.
(BZ#480930)

* When the parent crond daemon was stopped, but a child crond daemon
was running (executing a program), the 'service crond status' command
incorrectly reported that crond was running. The source code has been
modified, and the 'service crond status' command now correctly reports
that crond is stopped. (BZ#529632)

* According to the pam(8) manual page, the cron daemon, crond,
supports access control with PAM (Pluggable Authentication Module).
However, the PAM configuration file for crond did not export
environment variables correctly and, consequently, setting PAM
variables via cron did not work. This update includes a corrected
/etc/pam.d/crond file that exports environment variables correctly.
Setting pam variables via cron now works as documented in the pam(8)
manual page. (BZ#541189)

* Previously, the mcstransd daemon modified labels for the crond
daemon. When the crond daemon attempted to use the modified label and
mcstransd was not running, crond used an incorrect label.
Consequently, Security-Enhanced Linux (SELinux) denials filled up the
cron log, no jobs were executed, and crond had to be restarted. With
this update, both mcstransd and crond use raw SELinux labels, which
prevents the problem. (BZ#625016)

* Previously, the crontab(1) and cron(8) manual pages contained
multiple typographical errors. This update fixes those errors.
(BZ#699620, BZ#699621)

In addition, this update adds the following enhancement :

* Previously, the crontab utility did not use the Pluggable
Authentication Module (PAM) for verification of users. As a
consequence, a user could access crontab even if access had been
restricted (usually by being denied in the access.conf file). With
this update, crontab returns an error message that the user is not
allowed to access crontab because of PAM configuration. (BZ#249512)

All vixie-cron users should upgrade to this updated package, which
resolves these issues and adds this enhancement.

See also :

https://www.redhat.com/security/data/cve/CVE-2010-0424.html
http://rhn.redhat.com/errata/RHSA-2012-0304.html

Solution :

Update the affected vixie-cron and / or vixie-cron-debuginfo packages.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 2.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 58058 ()

Bugtraq ID: 38391

CVE ID: CVE-2010-0424