
Roman Veretelnikov

#38602 of 53,633
7.2 Total CVSS
Vulnerabilities · 1
PT-2006-1031
7.2
2006-05-25
ISC · Vixie Cron · CVE-2006-2607
Name of the Vulnerable Software and Affected Versions:
vixie-cron version 4.1
vixie-cron versions prior to 4.1-r9

Description: The return code of a setuid call in do_command.c is not checked, potentially allowing local users to gain root privileges under certain conditions, such as PAM failures or resource limits. This could lead to a breach of confidentiality, integrity, and availability of protected information. The issue can be exploited locally.

Recommendations:
For vixie-cron version 4.1, update to a version that includes the fix for this issue.
For vixie-cron versions prior to 4.1-r9, update to version 4.1-r9 or later to resolve the issue.
As a temporary workaround, consider restricting access to sensitive resources and monitoring system logs for suspicious activity until a patch is applied.