Unrated severityNVD Advisory· Published May 25, 2006· Updated Apr 16, 2026
CVE-2006-2607
CVE-2006-2607
Description
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
Affected products
1- cpe:2.3:a:paul_vixie:vixie_cron:4.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- bugzilla.redhat.com/bugzilla/show_bug.cginvdExploitPatch
- secunia.com/advisories/20380nvdVendor Advisory
- bugs.gentoo.org/show_bug.cginvd
- secunia.com/advisories/20388nvd
- secunia.com/advisories/20616nvd
- secunia.com/advisories/21032nvd
- secunia.com/advisories/21702nvd
- secunia.com/advisories/35318nvd
- security.gentoo.org/glsa/glsa-200606-07.xmlnvd
- securitytracker.com/idnvd
- support.avaya.com/elmodocs2/security/ASA-2006-168.htmnvd
- www.novell.com/linux/security/advisories/2006-05-32.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0539.htmlnvd
- www.securityfocus.com/archive/1/435033/100/0/threadednvd
- www.securityfocus.com/bid/18108nvd
- www.vupen.com/english/advisories/2006/2075nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26691nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10213nvd
- usn.ubuntu.com/778-1/nvd
News mentions
0No linked articles in our index yet.