Cron should not read and process core files, or anything else which contains non-ASCII contents. This would prevent exploits such as that used against CVE-2006-2451.
Provisional patch here:
Applies to cron version 3.0pl1-94.
Could also test file size too I guess, but that might lead to more false-positives.
If it looks reasonable I'll file it as a wishlist bug.
Updated: new patch to allow non-ASCII character sets/locales.
No tags No comments