CVE-2009-3589

incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
inotifyincron
0.5.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
incron
sid
0.5.12-4
fixed
trixie
0.5.12-4
fixed
bookworm
0.5.12-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
incron
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
not-affected
dapper
dne
Common Weakness Enumeration
References
http://koji.fedoraproject.org/koji/buildinfo?buildID=134880
https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5
http://koji.fedoraproject.org/koji/buildinfo?buildID=134880
https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5