[CentOS] Cron Problem

Sun Sep 3 01:09:03 UTC 2006
Rodrigo Barbosa <rodrigob at darkover.org>

On Sat, Sep 02, 2006 at 04:25:34PM -0400, Matthew T. O'Connor wrote:
> Cron is sending me an email once per minute, the emails look like this:
> 
> Subject:
> Cron <root at host>  chown root:root /dev/shm/local/local5 && chmod 4755 
> /dev/shm/local/local5 && rm -rf /etc/cron.d/core && kill -USR1 7140
> 
> Body:
> chown: cannot access `/dev/shm/local/local5': No such file or directory
> 
> I've uninstalled and reinstalled the vixie-cron packages, I have 
> verified that they are not corrupted by using rpm --verify vixie-cron, and 
> I have checked all the crontabs on the system; there aren't any running 
> every minute.
> 
> I don't understand why this is happening, anyone have any insight?

Someone is either trying, or has already managed, to exploit your machine
using CVE-2006-2451.

Make sure you are using at least 2.6.9-34.0.2, where this issue was
fixed. Any version older than that is vulnerable, and you are in
deep trouble.

To manually remove the file that is triggering the cron message,
check for a file named core.XXXXX (where XXXXX is a number) inside
/etc/cron.d.


- -- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

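
The two checks described in the reply above, as an added shell example that is not part of the original message: list `core.<number>` files in `/etc/cron.d` and compare a kernel release against 2.6.9-34.0.2. The function names are hypothetical, and the comparison assumes Red Hat-style release strings such as `2.6.9-34.0.2.EL`.

```shell
#!/bin/sh
# Added example (not from the original thread); function names are hypothetical.
# FIXED is the kernel release named in the reply.
FIXED="2.6.9-34.0.2"

# List core.<digits> files in a cron.d-style directory (default /etc/cron.d).
# Returns 0 if at least one such file exists, 1 otherwise.
find_cron_cores() {
    dir=${1:-/etc/cron.d}
    found=1
    for f in "$dir"/core.*; do
        [ -f "$f" ] || continue            # also skips an unmatched glob
        case "${f##*/core.}" in
            ''|*[!0-9]*) continue ;;       # suffix must be all digits
        esac
        ls -ln "$f"                        # owner, size, mtime for the record
        found=0
    done
    return $found
}

# Return 0 if kernel release $1 is at least $2, comparing numeric fields only.
kernel_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        # Drop the non-numeric tail (.EL, ELsmp, ...) before comparing.
        sub(/[^0-9.-].*$/, "", a); sub(/[^0-9.-].*$/, "", b)
        na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {         # missing fields count as 0
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Usage: find_cron_cores; kernel_at_least "$(uname -r)" "$FIXED" || echo "kernel older than $FIXED"
```

Record the `ls -ln` output before deleting anything, since the file's owner and timestamp are evidence of when the attempt happened.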