NASLDB: SUSE-SA:2006:027: cron
General
ID: 21623
Name: SUSE-SA:2006:027: cron
Summary: Check for the version of the cron package
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –
Port: –
Family: SuSE Local Security Checks
Type: –
Description
The remote host is missing the patch for the advisory SUSE-SA:2006:027 (cron).
Vixie Cron is the default CRON daemon in all SUSE Linux based distributions.
The code in do_command.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
This problem is known to affect only distributions with Linux 2.6 kernels, but the package was updated for all distributions for completeness.
This problem is tracked by the Mitre CVE ID CVE-2006-2607.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: –
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2006/06/01
Plugin
Version: 1.4
Filename: suse_SA_2006_027.nasl
Filesize: 2250 bytes
MD5 Hash: a5598c77bae3336b82233fa297278a12
Identification: –
Require Keys: Host/SuSE/rpm-list
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright © 2006-2010 Tenable Network Security, Inc.