First published: Sun Apr 10 2005(Updated: )
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vixie Cron | =4.1 | |
Red Hat Enterprise Linux | =4.0 | |
Red Hat Enterprise Linux | =4.0 | |
Red Hat Enterprise Linux | =4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2005-1038 is considered a moderate severity vulnerability due to its potential to allow unauthorized access to cron files.
To fix CVE-2005-1038, it is recommended to update Vixie cron to a version that addresses this vulnerability.
Users of Vixie cron 4.1, particularly on Red Hat Enterprise Linux versions 4.0, are affected by CVE-2005-1038.
CVE-2005-1038 allows local users to perform a symlink attack to read the cron files of other users.
There is insufficient information to determine whether CVE-2005-1038 is a duplicate of CVE-2001-0235.