CVE-2009-3589

EUVD-2009-3570
incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
inotifyincron
0.5.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
incron
bookworm
0.5.12-4
fixed
sid
0.5.12-4
fixed
trixie
0.5.12-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
incron
dapper
dne
hardy
not-affected
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://koji.fedoraproject.org/koji/buildinfo?buildID=134880
https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5
http://koji.fedoraproject.org/koji/buildinfo?buildID=134880
https://admin.fedoraproject.org/updates/incron-0.5.5-2.el5