Information Leakage in crontab on FreeBSD and Apple Mac OS X
CVE-2011-1073

Currently unrated

Key Information:

Vendor

FreeBSD

Status
FreeBSD
Mac Os X
Vendor
CVE Published:
4 March 2011

What is CVE-2011-1073?

The crontab utility in FreeBSD and Apple Mac OS X has a vulnerability that allows local users to exploit symlink attacks on temporary files. This exploitation can lead to the detection of the existence of arbitrary files due to improper handling of symlinks. Additionally, it enables unauthorized users to perform MD5 checksum comparisons on files, potentially exposing sensitive information. Proper validation strategies should be implemented to mitigate these risks and enhance the security posture of systems utilizing crontab.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65899
vdb-entryx_refsource_XF
http://openwall.com/lists/oss-security/2011/02/28/14
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/46604
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2011-1073 : Information Leakage in crontab on FreeBSD and Apple Mac OS X