|
Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2006:027: cron Vulnerability Scan
Vulnerability Scan Summary Check for the version of the cron package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2006:027 (cron).
Vixie Cron is the default CRON daemon in all SUSE Linux based
distributions.
The code in do_command.c in Vixie cron does not check the return code
of a setuid call, which might allow local users to gain root rights
if setuid fails in cases such as PAM failures or resource limits.
This problem is known to affect only distributions with Linux 2.6
kernels, but the package was updated for all distributions for
completeness.
This problem is tracked by the Mitre CVE ID CVE-2006-2607.
Solution : http://www.suse.de/security/advisories/2006-05-32.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|