OSVDB ID: 40404

Title: IBM AIX crontab Command Line Argument Local Overflow

Info

Dates

Disclosure: Oct 30, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Private
Disclosure: Vendor Verified

Solution

IBM has released a patch to address this vulnerability. As a temporary workaround, removing the set-uid bit from the crontab program protects against exploitation; however, doing so renders the program unusable.

Products

Unknown or Incomplete

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/40404