PT-2009-5871 · Incron · Incron
Published
2009-10-08
·
Updated
2009-10-08
·
CVE-2009-3589
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
incron version 0.5.5
Description
The issue is related to the initialization of supplementary groups when running a process from a user's incrontabs. This causes the process to be run with the incrond supplementary groups, allowing local users to gain privileges via an incrontab table.
Recommendations
For incron version 0.5.5, update to a newer version that initializes supplementary groups correctly when running processes from user incrontabs.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Incron