Gentoo Linux Security Advisory 201311-4 - A vulnerability has been found in Vixie cron, allowing local attackers to conduct symlink attacks. Versions less than 4.1-r14 are affected.
6bc842d51eb7bb8a9da436181babaadbe98081658d440d4527da599cb8e01e65
Red Hat Security Advisory 2012-0304-03 - The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron. A race condition was found in the way the crontab program performed file time stamp updates on a temporary file created when editing a user crontab file. A local attacker could use this flaw to change the modification time of arbitrary system files via a symbolic link attack.
20f8b6e84058f26f0a2aa7c3ef9a59ac3c3520c25f2a1e85c0d6337273bce2b3