Home

CVE-2010-0424

Description

The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.

Risk Information

Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score
Exploitation Probability
0.096

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2012:0304) Low: vixie-cron security, bug fix, and enhancement update vixie-cron-4.1-81.el5.i386.rpmLinux
(RHSA-2012:0304) Low: vixie-cron security, bug fix, and enhancement update vixie-cron-4.1-81.el5.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234