Candidate: CVE-2009-3589
PublicDate: 2009-10-08 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3589
 http://inotify.aiken.cz/?section=incron&page=changelog&lang=en
Description:
 incron 0.5.5 does not initialize supplementary groups when running a
 process from a user's incrontabs, which causes the process to be run with
 the incrond supplementary groups and allows local users to gain privileges
 via an incrontab table.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_incron:
 vendor: http://cvs.fedoraproject.org/viewvc/rpms/incron/EL-5/incron-0.5.5-initgroups.patch?revision=1.1&view=markup
upstream_incron: needs-triage
dapper_incron: DNE
hardy_incron: not-affected (0.5.7-1)
intrepid_incron: ignored (reached end-of-life)
jaunty_incron: ignored (reached end-of-life)
karmic_incron: ignored (reached end-of-life)
lucid_incron: not-affected (0.5.7-1)
maverick_incron: not-affected (0.5.7-1)
natty_incron: not-affected (0.5.7-1)
devel_incron: not-affected (0.5.7-1)