ID FEDORA_2010-4300.NASL Type nessus Reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-02T00:00:00
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-4300.
#
include("compat.inc");
# Registration phase: when the scanner loads the plugin with `description`
# set, this block only declares metadata and then exits, so none of the host
# checks further down run during registration.
if (description)
{
  # Identity and revision of the plugin.
  script_id(47348);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:32");

  # Cross-references: CVE, Bugtraq ID and the Fedora advisory number.
  script_cve_id("CVE-2010-0424");
  script_bugtraq_id(38391);
  script_xref(name:"FEDORA", value:"2010-4300");

  script_name(english:"Fedora 11 : cronie-1.3-4.fc11 (2010-4300)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");

  # NOTE(review): the description text is only a CVE link followed by
  # Tenable's extraction notice; it does not summarise the flaw, so a reader
  # has to follow the references below to learn what is being fixed.
  # The string's continuation lines stay at column 0 on purpose: any leading
  # whitespace would become part of the reported text.
  script_set_attribute(
    attribute:"description",
    value:
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );

  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=565809");
  # Fedora package-announce post; the shortened link below is presumably its alias:
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d6c4438e");

  script_set_attribute(attribute:"solution", value:"Update the affected cronie package.");

  # Risk rating (CVSS v2).
  #   Base:     local access, medium complexity, no authentication,
  #             no confidentiality impact, partial integrity and
  #             availability impact.
  #   Temporal: exploitability unproven, official fix available,
  #             report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(
    attribute:"exploitability_ease",
    value:"No known exploits are available"
  );
  script_set_attribute(
    attribute:"exploit_available",
    value:"false"
  );
  # CWE-59: improper link resolution before file access ("link following").
  script_cwe_id(59);

  # A "local" plugin: the verdict is derived from data collected on the host
  # (see the required KB keys below), not from probing a network service.
  script_set_attribute(
    attribute:"plugin_type",
    value:"local"
  );
  script_set_attribute(
    attribute:"cpe",
    value:"p-cpe:/a:fedoraproject:fedora:cronie"
  );
  script_set_attribute(
    attribute:"cpe",
    value:"cpe:/o:fedoraproject:fedora:11"
  );

  script_set_attribute(
    attribute:"patch_publication_date",
    value:"2010/03/12"
  );
  script_set_attribute(
    attribute:"plugin_publication_date",
    value:"2010/07/01"
  );
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # The check consumes knowledge-base entries rather than talking to the
  # host itself: ssh_get_info.nasl is declared as the prerequisite, and the
  # three keys below are required. Without credentialed data collection the
  # plugin has nothing to evaluate.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys(
    "Host/local_checks_enabled",
    "Host/RedHat/release",
    "Host/RedHat/rpm-list"
  );

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host check. Everything below works from knowledge-base (KB) entries cached
# by earlier plugins; nothing here contacts the host or exercises the flaw.
# The result is therefore a package-version verdict, not proof that the flaw
# is or is not reachable. audit() comes from audit.inc (not shown) and is
# used throughout as a terminating "cannot assess / not applicable" exit.

# Gate 1: credentialed local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Gate 2: the release string must identify Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Gate 3: the major release must be exactly 11. The anchored pattern rejects
# longer numbers that merely start with "11".
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);
}

# Gate 4: an installed-package list must have been collected.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Gate 5: only x86_64 and i386..i686 are covered. A host on any other
# architecture leaves through AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, i.e. it
# receives no verdict from this plugin rather than a clean one.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}

# The actual test: rpm_check() is defined in rpm.inc (not shown); judging by
# its use here it returns true when the installed cronie package is older
# than the fixed build named in `reference`.
if (rpm_check(release:"FC11", reference:"cronie-1.3-4.fc11"))
{
  # Finding is raised with security_note(), the lowest of NASL's classic
  # note / warning / hole reporting calls. The package comparison detail is
  # attached only when the scan's report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_note(port:0, extra:rpm_report_get());
  }
  else
  {
    security_note(0);
  }
  exit(0);
}

# No finding: distinguish "package present and up to date" from "package not
# installed at all", based on whether any package test was recorded.
tested = pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "cronie");
}
{"id": "FEDORA_2010-4300.NASL", "bulletinFamily": "scanner", "title": "Fedora 11 : cronie-1.3-4.fc11 (2010-4300)", "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2010-07-01T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/47348", "reporter": "This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?d6c4438e", "https://bugzilla.redhat.com/show_bug.cgi?id=565809"], "cvelist": ["CVE-2010-0424"], "type": "nessus", "lastseen": "2019-11-01T02:26:49", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:cronie", "cpe:/o:fedoraproject:fedora:11"], "cvelist": ["CVE-2010-0424"], "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-10-28T20:11:13", "references": [{"idList": ["OPENVAS:1361412562310121063", "OPENVAS:1361412562310123970", "OPENVAS:861703", "OPENVAS:1361412562310870550", "OPENVAS:870550", "OPENVAS:1361412562310861703", "OPENVAS:861779", "OPENVAS:1361412562310861779"], "type": "openvas"}, {"idList": ["ELSA-2012-0304"], "type": "oraclelinux"}, {"idList": ["GLSA-201311-04"], "type": "gentoo"}, {"idList": ["FEDORA_2010-2751.NASL", "GENTOO_GLSA-201311-04.NASL", "SL_20120221_VIXIE_CRON_ON_SL5_X.NASL", "SUSE_CRON-6865.NASL", "SUSE_11_2_CRON-100219.NASL", "ORACLELINUX_ELSA-2012-0304.NASL", "REDHAT-RHSA-2012-0304.NASL", "FEDORA_2010-3642.NASL", "SUSE_11_0_CRON-100219.NASL", "SUSE_11_CRON-100219.NASL"], "type": "nessus"}, {"idList": ["RHSA-2012:0304", "RHSA-2012:0168"], "type": "redhat"}, {"idList": ["CVE-2010-0424"], "type": "cve"}]}, "score": {"modified": "2019-10-28T20:11:13", "value": 5.3, "vector": "NONE"}}, "hash": "44ef4fa0a663147a291b5f5ff3ea570346027f74de8aa589cd270c762320a6ed", "hashmap": [{"hash": "a198e8be1418624d8f34b403598eaf3a", "key": "href"}, {"hash": "dfd5373ae2c8be8b2b4288429c1d4a85", "key": "pluginID"}, {"hash": "ae66a38ce966c6e727491ac2d65e23dd", "key": "description"}, {"hash": "9b0e46dace93367b7e91f251d817f95a", "key": "reporter"}, {"hash": "f8129e628a243c2613ef286590a9a6c5", "key": "cpe"}, {"hash": "8da0809b92881c05bd8f37c479450778", "key": "published"}, {"hash": "f725e185e5650e4231a4625d5506648f", "key": "cvelist"}, {"hash": "77de9efea2217843001bf66ac0075530", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "495721931f37f4750eff4607fe9f7f58", 
"key": "references"}, {"hash": "885272b7f0830e59b541e62268200602", "key": "title"}, {"hash": "da93ce934991f6db2b94b355797c9166", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/47348", "id": "FEDORA_2010-4300.NASL", "lastseen": "2019-10-28T20:11:13", "modified": "2019-10-02T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "47348", "published": "2010-07-01T00:00:00", "references": ["http://www.nessus.org/u?d6c4438e", "https://bugzilla.redhat.com/show_bug.cgi?id=565809"], "reporter": "This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4300.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47348);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:32\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"FEDORA\", value:\"2010-4300\");\n\n script_name(english:\"Fedora 11 : cronie-1.3-4.fc11 (2010-4300)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565809\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6c4438e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cronie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cronie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"cronie-1.3-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cronie\");\n}\n", "title": "Fedora 11 : cronie-1.3-4.fc11 (2010-4300)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 8, "lastseen": "2019-10-28T20:11:13"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:cronie", "cpe:/o:fedoraproject:fedora:11"], "cvelist": ["CVE-2010-0424"], "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that 
Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-02-21T01:13:32", "references": [{"idList": ["OPENVAS:1361412562310121063", "OPENVAS:1361412562310123970", "OPENVAS:861703", "OPENVAS:1361412562310870550", "OPENVAS:870550", "OPENVAS:1361412562310861703", "OPENVAS:861779", "OPENVAS:1361412562310861779"], "type": "openvas"}, {"idList": ["ELSA-2012-0304"], "type": "oraclelinux"}, {"idList": ["GLSA-201311-04"], "type": "gentoo"}, {"idList": ["FEDORA_2010-2751.NASL", "GENTOO_GLSA-201311-04.NASL", "SL_20120221_VIXIE_CRON_ON_SL5_X.NASL", "SUSE_CRON-6865.NASL", "SUSE_11_2_CRON-100219.NASL", "ORACLELINUX_ELSA-2012-0304.NASL", "REDHAT-RHSA-2012-0304.NASL", "FEDORA_2010-3642.NASL", "SUSE_11_0_CRON-100219.NASL", "SUSE_11_CRON-100219.NASL"], "type": "nessus"}, {"idList": ["RHSA-2012:0304", "RHSA-2012:0168"], "type": "redhat"}, {"idList": ["CVE-2010-0424"], "type": "cve"}]}, "score": {"modified": "2019-02-21T01:13:32", "value": 5.3, "vector": "NONE"}}, "hash": "7d9510987b833100ad72de58cdb12ae7814cae94c9c54baf431e0be98b766133", "hashmap": [{"hash": "b5c5c525cb2faeb35365e3aa33c2ec06", "key": "href"}, {"hash": "28bc99e7d2beb772db882c11eae2572b", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "dfd5373ae2c8be8b2b4288429c1d4a85", "key": "pluginID"}, {"hash": "f8129e628a243c2613ef286590a9a6c5", "key": "cpe"}, {"hash": "8da0809b92881c05bd8f37c479450778", "key": "published"}, {"hash": "f725e185e5650e4231a4625d5506648f", "key": "cvelist"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "d82e5473b48351d5ef66660c21ced17e", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, 
{"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "495721931f37f4750eff4607fe9f7f58", "key": "references"}, {"hash": "d069fc6abf48b107301f4dadd894bf42", "key": "description"}, {"hash": "885272b7f0830e59b541e62268200602", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47348", "id": "FEDORA_2010-4300.NASL", "lastseen": "2019-02-21T01:13:32", "modified": "2018-11-28T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "47348", "published": "2010-07-01T00:00:00", "references": ["http://www.nessus.org/u?d6c4438e", "https://bugzilla.redhat.com/show_bug.cgi?id=565809"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4300.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47348);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"FEDORA\", value:\"2010-4300\");\n\n script_name(english:\"Fedora 11 : cronie-1.3-4.fc11 (2010-4300)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565809\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6c4438e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cronie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cronie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"cronie-1.3-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cronie\");\n}\n", "title": "Fedora 11 : cronie-1.3-4.fc11 (2010-4300)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss", "description", "reporter", "modified", "sourceData", "href"], "edition": 7, "lastseen": "2019-02-21T01:13:32"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:cronie", "cpe:/o:fedoraproject:fedora:11"], "cvelist": ["CVE-2010-0424"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}}, "hash": "02cb0b3aac34f2a17fabd42b1cd6dcaf5a73f0c40b53cc8e22a3303f083afce5", "hashmap": [{"hash": "b5c5c525cb2faeb35365e3aa33c2ec06", "key": "href"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "dfd5373ae2c8be8b2b4288429c1d4a85", "key": "pluginID"}, {"hash": "f8129e628a243c2613ef286590a9a6c5", "key": "cpe"}, {"hash": "885b8a7da4c010964d447f2cc4ff1959", "key": "sourceData"}, {"hash": "8da0809b92881c05bd8f37c479450778", "key": "published"}, {"hash": "f725e185e5650e4231a4625d5506648f", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "495721931f37f4750eff4607fe9f7f58", "key": "references"}, {"hash": "d069fc6abf48b107301f4dadd894bf42", "key": "description"}, {"hash": "885272b7f0830e59b541e62268200602", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47348", "id": "FEDORA_2010-4300.NASL", "lastseen": "2018-08-30T19:55:22", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "47348", "published": "2010-07-01T00:00:00", "references": ["http://www.nessus.org/u?d6c4438e", "https://bugzilla.redhat.com/show_bug.cgi?id=565809"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were \n# extracted from Fedora Security Advisory 2010-4300.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47348);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:38:16 $\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"FEDORA\", value:\"2010-4300\");\n\n script_name(english:\"Fedora 11 : cronie-1.3-4.fc11 (2010-4300)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565809\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6c4438e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cronie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cronie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"cronie-1.3-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cronie\");\n}\n", "title": "Fedora 11 : cronie-1.3-4.fc11 (2010-4300)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:55:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:cronie", "cpe:/o:fedoraproject:fedora:11"], "cvelist": ["CVE-2010-0424"], "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:10:46", "references": [{"idList": ["OPENVAS:1361412562310121063", "OPENVAS:1361412562310123970", "OPENVAS:861703", "OPENVAS:1361412562310870550", "OPENVAS:870550", "OPENVAS:1361412562310861703", "OPENVAS:861779", "OPENVAS:1361412562310861779"], "type": "openvas"}, {"idList": ["ELSA-2012-0304"], "type": "oraclelinux"}, {"idList": ["FEDORA_2010-2751.NASL", "SL_20120221_VIXIE_CRON_ON_SL5_X.NASL", "SUSE_CRON-6865.NASL", "SUSE_11_1_CRON-100219.NASL", "ORACLELINUX_ELSA-2012-0304.NASL", "REDHAT-RHSA-2012-0304.NASL", "FEDORA_2010-3642.NASL", "SUSE_11_0_CRON-100219.NASL", "SUSE_11_CRON-100219.NASL", "SUSE_CRON-6864.NASL"], "type": "nessus"}, {"idList": ["GLSA-201311-04"], "type": "gentoo"}, {"idList": ["RHSA-2012:0304", "RHSA-2012:0168"], "type": "redhat"}, {"idList": ["CVE-2010-0424"], "type": "cve"}]}, "score": {"value": 10.0, "vector": "NONE"}}, "hash": "ae37b86f8a51fe88727a1149f91e9a4e4aee4e11989267c3c79d75ba6ccf1b41", "hashmap": [{"hash": "b5c5c525cb2faeb35365e3aa33c2ec06", "key": "href"}, {"hash": "28bc99e7d2beb772db882c11eae2572b", "key": "sourceData"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "dfd5373ae2c8be8b2b4288429c1d4a85", "key": "pluginID"}, {"hash": "ae66a38ce966c6e727491ac2d65e23dd", "key": "description"}, {"hash": "f8129e628a243c2613ef286590a9a6c5", "key": "cpe"}, {"hash": "8da0809b92881c05bd8f37c479450778", "key": "published"}, {"hash": "f725e185e5650e4231a4625d5506648f", "key": "cvelist"}, {"hash": "460b12446c99e9f96de9e7fe92f5d167", "key": "modified"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "d82e5473b48351d5ef66660c21ced17e", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": 
"495721931f37f4750eff4607fe9f7f58", "key": "references"}, {"hash": "885272b7f0830e59b541e62268200602", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47348", "id": "FEDORA_2010-4300.NASL", "lastseen": "2019-01-16T20:10:46", "modified": "2018-11-28T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "47348", "published": "2010-07-01T00:00:00", "references": ["http://www.nessus.org/u?d6c4438e", "https://bugzilla.redhat.com/show_bug.cgi?id=565809"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4300.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47348);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/28 22:47:43\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"FEDORA\", value:\"2010-4300\");\n\n script_name(english:\"Fedora 11 : cronie-1.3-4.fc11 (2010-4300)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565809\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6c4438e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cronie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cronie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"cronie-1.3-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cronie\");\n}\n", "title": "Fedora 11 : cronie-1.3-4.fc11 (2010-4300)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:10:46"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2010-0424"], "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding description 
block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "bd2d737725522482951e7e6c62a627712b202c47ca940dea0b9e73e501f76f76", "hashmap": [{"hash": "b5c5c525cb2faeb35365e3aa33c2ec06", "key": "href"}, {"hash": "de38caaccc231e6a74b77a602b35db95", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "dfd5373ae2c8be8b2b4288429c1d4a85", "key": "pluginID"}, {"hash": "885b8a7da4c010964d447f2cc4ff1959", "key": "sourceData"}, {"hash": "8da0809b92881c05bd8f37c479450778", "key": "published"}, {"hash": "f725e185e5650e4231a4625d5506648f", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "d82e5473b48351d5ef66660c21ced17e", "key": "cvss"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "495721931f37f4750eff4607fe9f7f58", "key": "references"}, {"hash": "d069fc6abf48b107301f4dadd894bf42", "key": "description"}, {"hash": "885272b7f0830e59b541e62268200602", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=47348", "id": "FEDORA_2010-4300.NASL", "lastseen": "2016-09-26T17:26:19", "modified": "2015-10-20T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "47348", "published": "2010-07-01T00:00:00", "references": ["http://www.nessus.org/u?d6c4438e", "https://bugzilla.redhat.com/show_bug.cgi?id=565809"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4300.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47348);\n script_version(\"$Revision: 1.10 
$\");\n script_cvs_date(\"$Date: 2015/10/20 21:38:16 $\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"FEDORA\", value:\"2010-4300\");\n\n script_name(english:\"Fedora 11 : cronie-1.3-4.fc11 (2010-4300)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565809\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6c4438e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cronie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cronie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"cronie-1.3-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cronie\");\n}\n", "title": "Fedora 11 : cronie-1.3-4.fc11 (2010-4300)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:26:19"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "f8129e628a243c2613ef286590a9a6c5"}, {"key": "cvelist", "hash": 
"f725e185e5650e4231a4625d5506648f"}, {"key": "cvss", "hash": "77de9efea2217843001bf66ac0075530"}, {"key": "description", "hash": "ae66a38ce966c6e727491ac2d65e23dd"}, {"key": "href", "hash": "a198e8be1418624d8f34b403598eaf3a"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "dfd5373ae2c8be8b2b4288429c1d4a85"}, {"key": "published", "hash": "8da0809b92881c05bd8f37c479450778"}, {"key": "references", "hash": "495721931f37f4750eff4607fe9f7f58"}, {"key": "reporter", "hash": "9b0e46dace93367b7e91f251d817f95a"}, {"key": "sourceData", "hash": "da93ce934991f6db2b94b355797c9166"}, {"key": "title", "hash": "885272b7f0830e59b541e62268200602"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "2e7557ec0226094e666d62b6363ff4efd156c7f7dc58df9d13c02a5a6978e1f2", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-0424"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0304"]}, {"type": "openvas", "idList": ["OPENVAS:870550", "OPENVAS:1361412562310861779", "OPENVAS:1361412562310870550", "OPENVAS:1361412562310121063", "OPENVAS:1361412562310861703", "OPENVAS:861779", "OPENVAS:861703", "OPENVAS:1361412562310123970"]}, {"type": "nessus", "idList": ["SUSE_11_CRON-100219.NASL", "SUSE_11_0_CRON-100219.NASL", "SL_20120221_VIXIE_CRON_ON_SL5_X.NASL", "SUSE_11_2_CRON-100219.NASL", "SUSE_CRON-6865.NASL", "FEDORA_2010-3642.NASL", "FEDORA_2010-2751.NASL", "REDHAT-RHSA-2012-0304.NASL", "ORACLELINUX_ELSA-2012-0304.NASL", "SUSE_CRON-6864.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201311-04"]}, {"type": "redhat", "idList": ["RHSA-2012:0304", "RHSA-2012:0168"]}], "modified": "2019-11-01T02:26:49"}, "score": {"value": 5.3, "vector": "NONE", "modified": "2019-11-01T02:26:49"}, "vulnersScore": 5.3}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4300.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47348);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:32\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"FEDORA\", value:\"2010-4300\");\n\n script_name(english:\"Fedora 11 : cronie-1.3-4.fc11 (2010-4300)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0424\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565809\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6c4438e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cronie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cronie\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"cronie-1.3-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cronie\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "47348", "cpe": ["p-cpe:/a:fedoraproject:fedora:cronie", "cpe:/o:fedoraproject:fedora:11"], "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:10:26", "bulletinFamily": "NVD", "description": "The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.", "modified": "2018-01-06T02:29:00", "id": "CVE-2010-0424", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0424", "published": "2010-02-25T19:30:00", "title": "CVE-2010-0424", "type": "cve", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:18", "bulletinFamily": "unix", "description": "[4:4.1-81]\n- 455664 adoptions of crontab orphans, forgot add buffer for list of\n orphans\n- Related: rhbz#455664\n[4:4.1-80]\n- 654961 crond process ignores the changes of user's home directory needs\n bigger changes of code. The fix wasn't applied, detail in comment#11.\n- Related: rhbz#249512\n[4:4.1-79]\n- CVE-2010-0424 vixie-cron, cronie: Race condition by setting timestamp \n of user's crontab file, when editing the file\n- Resolves: rhbz#741534\n[4:4.1-78]\n- 625016 - crond requires a restart if mcstransd is stopped \n- Resolves: rhbz#625016\n[4:4.1-78]\n- 460070 entries in cronjobs in /etc/cron.d are checked for valid syntax\n- Resolves: rhbz#460070\n[4:4.1-78]\n- 455664 adoptions of crontab orphans\n- 249512 crontab should verify a user's access to PAM cron service\n- Resolves: rhbz#455664, rhbz#249512\n[4:4.1-78]\n- 699621 and 699620 man page fix\n- 529632 service crond status return correct status\n- 480930 set correct pie options in CFLAGS and LDFLAGS\n- 476972 crontab error with @reboot entry\n- Resolves: rhbz#699621, rhbz#699620, rhbz#529632, rhbz#480930, rhbz#476972", "modified": "2012-03-01T00:00:00", "published": "2012-03-01T00:00:00", "id": "ELSA-2012-0304", "href": "http://linux.oracle.com/errata/ELSA-2012-0304.html", "title": 
"vixie-cron security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-02T10:56:23", "bulletinFamily": "scanner", "description": "Check for the Version of vixie-cron", "modified": "2017-12-28T00:00:00", "published": "2012-02-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870550", "id": "OPENVAS:870550", "title": "RedHat Update for vixie-cron RHSA-2012:0304-03", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vixie-cron RHSA-2012:0304-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The vixie-cron package contains the Vixie version of cron. Cron is a\n standard UNIX daemon that runs specified programs at scheduled times. 
The\n vixie-cron package adds improved security and more powerful configuration\n options to the standard version of cron.\n\n A race condition was found in the way the crontab program performed file\n time stamp updates on a temporary file created when editing a user crontab\n file. A local attacker could use this flaw to change the modification time\n of arbitrary system files via a symbolic link attack. (CVE-2010-0424)\n\n Red Hat would like to thank Dan Rosenberg for reporting this issue.\n\n This update also fixes the following bugs:\n\n * Cron jobs of users with home directories mounted on a Lightweight\n Directory Access Protocol (LDAP) server or Network File System (NFS) were\n often refused because jobs were marked as orphaned (typically due to a\n temporary NSS lookup failure, when NIS and LDAP servers were unreachable).\n With this update, a database of orphans is created, and cron jobs are\n performed as expected. (BZ#455664)\n\n * Previously, cron did not log any errors if a cron job file located in the\n /etc/cron.d/ directory contained invalid entries. An upstream patch has\n been applied to address this problem and invalid entries in the cron job\n files now produce warning messages. (BZ#460070)\n\n * Previously, the "@reboot" crontab macro incorrectly ran jobs when the\n crond daemon was restarted. If the user used the macro on multiple\n machines, all entries with the "@reboot" option were executed every time\n the crond daemon was restarted. With this update, jobs are executed only\n when the machine is rebooted. (BZ#476972)\n\n * The crontab utility is now compiled as a position-independent executable\n (PIE), which enhances the security of the system. (BZ#480930)\n\n * When the parent crond daemon was stopped, but a child crond daemon was\n running (executing a program), the "service crond status" command\n incorrectly reported that crond was running. 
The source code has been\n modified, and the "service crond status" command now correctly reports that\n crond is stopped. (BZ#529632)\n\n * According to the pam(8) manual page, the cron daemon, crond, supports\n access control with PAM (Pluggable Authentication Module). However, the PAM\n configuration file for crond did not export environment variables correctly\n and, consequently, setting PAM variables via cron did not work. This update\n includes a corrected /etc/pam.d/crond file that exports environmen ... \n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"vixie-cron on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00056.html\");\n script_id(870550);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:37 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2010-0424\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0304-03\");\n script_name(\"RedHat Update for vixie-cron RHSA-2012:0304-03\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of vixie-cron\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"vixie-cron\", rpm:\"vixie-cron~4.1~81.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vixie-cron-debuginfo\", rpm:\"vixie-cron-debuginfo~4.1~81.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:04:47", "bulletinFamily": "scanner", "description": "Check for the Version of cronie", "modified": "2018-01-04T00:00:00", "published": "2010-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861779", "id": "OPENVAS:1361412562310861779", "title": "Fedora Update for cronie FEDORA-2010-4300", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cronie FEDORA-2010-4300\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cronie on Fedora 11\";\ntag_insight = \"Cronie contains the standard UNIX daemon crond that runs specified programs at\n scheduled times and related tools. It is a fork of the original vixie-cron and\n has security and configuration enhancements like the ability to use pam and\n SELinux.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861779\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-4300\");\n script_cve_id(\"CVE-2010-0424\");\n script_name(\"Fedora Update for cronie FEDORA-2010-4300\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cronie\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"cronie\", rpm:\"cronie~1.3~4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:13", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:1361412562310870550", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870550", "title": "RedHat Update for vixie-cron RHSA-2012:0304-03", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for vixie-cron RHSA-2012:0304-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00056.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870550\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:37 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2010-0424\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0304-03\");\n script_name(\"RedHat Update for vixie-cron RHSA-2012:0304-03\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'vixie-cron'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"vixie-cron on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The vixie-cron package contains the Vixie version of cron. Cron is a\n standard UNIX daemon that runs specified programs at scheduled times. 
The\n vixie-cron package adds improved security and more powerful configuration\n options to the standard version of cron.\n\n A race condition was found in the way the crontab program performed file\n time stamp updates on a temporary file created when editing a user crontab\n file. A local attacker could use this flaw to change the modification time\n of arbitrary system files via a symbolic link attack. (CVE-2010-0424)\n\n Red Hat would like to thank Dan Rosenberg for reporting this issue.\n\n This update also fixes the following bugs:\n\n * Cron jobs of users with home directories mounted on a Lightweight\n Directory Access Protocol (LDAP) server or Network File System (NFS) were\n often refused because jobs were marked as orphaned (typically due to a\n temporary NSS lookup failure, when NIS and LDAP servers were unreachable).\n With this update, a database of orphans is created, and cron jobs are\n performed as expected. (BZ#455664)\n\n * Previously, cron did not log any errors if a cron job file located in the\n /etc/cron.d/ directory contained invalid entries. An upstream patch has\n been applied to address this problem and invalid entries in the cron job\n files now produce warning messages. (BZ#460070)\n\n * Previously, the '@reboot' crontab macro incorrectly ran jobs when the\n crond daemon was restarted. If the user used the macro on multiple\n machines, all entries with the '@reboot' option were executed every time\n the crond daemon was restarted. With this update, jobs are executed only\n when the machine is rebooted. (BZ#476972)\n\n * The crontab utility is now compiled as a position-independent executable\n (PIE), which enhances the security of the system. (BZ#480930)\n\n * When the parent crond daemon was stopped, but a child crond daemon was\n running (executing a program), the 'service crond status' command\n incorrectly reported that crond was running. 
The source code has been\n modified, and the 'service crond status' command now correctly reports that\n crond is stopped. (BZ#529632)\n\n * According to the pam(8) manual page, the cron daemon, crond, supports\n access control with PAM (Pluggable Authentication Module). However, the PAM\n configuration file for crond did not export environment variables correctly\n and, consequently, setting PAM variables via cron did not work. This update\n includes a corrected /etc/pam.d/crond file that exports environmen ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"vixie-cron\", rpm:\"vixie-cron~4.1~81.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"vixie-cron-debuginfo\", rpm:\"vixie-cron-debuginfo~4.1~81.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:41", "bulletinFamily": "scanner", "description": "Gentoo Linux Local Security Checks GLSA 201311-04", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121063", "title": "Gentoo Security Advisory GLSA 201311-04", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201311-04.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen 
<eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121063\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:16 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201311-04\");\n script_tag(name:\"insight\", value:\"Vixie cron contains a race condition relating to atime and mtime values of temporary files.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201311-04\");\n script_cve_id(\"CVE-2010-0424\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n 
script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201311-04\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"sys-process/vixie-cron\", unaffected: make_list(\"ge 4.1-r14\"), vulnerable: make_list(\"lt 4.1-r14\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2018-01-02T10:54:41", "bulletinFamily": "scanner", "description": "Check for the Version of cronie", "modified": "2017-12-28T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861703", "id": "OPENVAS:1361412562310861703", "title": "Fedora Update for cronie FEDORA-2010-2751", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cronie FEDORA-2010-2751\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cronie on Fedora 12\";\ntag_insight = \"Cronie contains the standard UNIX daemon crond that runs specified programs at\n scheduled times and related tools. It is a fork of the original vixie-cron and\n has security and configuration enhancements like the ability to use pam and\n SELinux.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035762.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861703\");\n script_version(\"$Revision: 8254 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 08:29:05 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-2751\");\n script_cve_id(\"CVE-2010-0424\");\n script_name(\"Fedora Update for cronie FEDORA-2010-2751\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cronie\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"cronie\", rpm:\"cronie~1.4.3~4.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:52", "bulletinFamily": "scanner", "description": "Check for the Version of cronie", "modified": "2017-12-14T00:00:00", "published": "2010-03-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861703", "id": "OPENVAS:861703", "title": "Fedora Update for cronie FEDORA-2010-2751", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cronie FEDORA-2010-2751\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cronie on Fedora 12\";\ntag_insight = \"Cronie contains the standard UNIX daemon crond that runs specified programs at\n scheduled times and related tools. It is a fork of the original vixie-cron and\n has security and configuration enhancements like the ability to use pam and\n SELinux.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035762.html\");\n script_id(861703);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-2751\");\n script_cve_id(\"CVE-2010-0424\");\n script_name(\"Fedora Update for cronie FEDORA-2010-2751\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cronie\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"cronie\", rpm:\"cronie~1.4.3~4.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:04", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2012-0304", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123970", "title": "Oracle Linux Local Check: ELSA-2012-0304", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0304.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123970\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:59 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0304\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0304 - vixie-cron security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0304\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0304.html\");\n script_cve_id(\"CVE-2010-0424\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"vixie-cron\", 
rpm:\"vixie-cron~4.1~81.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-12-15T11:57:43", "bulletinFamily": "scanner", "description": "Check for the Version of cronie", "modified": "2017-12-15T00:00:00", "published": "2010-03-22T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861779", "id": "OPENVAS:861779", "title": "Fedora Update for cronie FEDORA-2010-4300", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for cronie FEDORA-2010-4300\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"cronie on Fedora 11\";\ntag_insight = \"Cronie contains the standard UNIX daemon crond that runs specified programs at\n scheduled times and related tools. 
It is a fork of the original vixie-cron and\n has security and configuration enhancements like the ability to use pam and\n SELinux.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037318.html\");\n script_id(861779);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-4300\");\n script_cve_id(\"CVE-2010-0424\");\n script_name(\"Fedora Update for cronie FEDORA-2010-4300\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of cronie\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"cronie\", rpm:\"cronie~1.3~4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 3.3, "vector": 
"AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-03T12:17:48", "bulletinFamily": "scanner", "description": "This update of cron fixes a race condition in crontab that can be used\nto change the time-stamp of arbitrary files while editing the crontab\nentry.\n\nAdditionally the return value of initgroups() is verified now.\n(CVE-2010-0424: CVSS v2 Base Score: 3.6)", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_CRON-100219.NASL", "href": "https://www.tenable.com/plugins/nessus/45104", "published": "2010-03-19T00:00:00", "title": "SuSE 11 Security Update : cron (SAT Patch Number 2027)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45104);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2010-0424\");\n\n script_name(english:\"SuSE 11 Security Update : cron (SAT Patch Number 2027)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of cron fixes a race condition in crontab that can be used\nto change the time-stamp of arbitrary files while editing the crontab\nentry.\n\nAdditionally the return value of initgroups() is verified now.\n(CVE-2010-0424: CVSS v2 Base Score: 3.6)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=580800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0424.html\"\n );\n script_set_attribute(attribute:\"solution\", 
value:\"Apply SAT patch number 2027.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:cron\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"cron-4.1-194.19.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"cron-4.1-194.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"cron-4.1-194.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) 
security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-03T12:17:21", "bulletinFamily": "scanner", "description": "This update of cron fixes a race condition in crontab that can be used\nto change the time-stamp of arbitrary files while editing the crontab\nentry. CVE-2010-0424: CVSS v2 Base Score: 3.6 Additionally the return\nvalue of initgroups() is verified now.", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_0_CRON-100219.NASL", "href": "https://www.tenable.com/plugins/nessus/45095", "published": "2010-03-19T00:00:00", "title": "openSUSE Security Update : cron (cron-2026)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cron-2026.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45095);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2010-0424\");\n\n script_name(english:\"openSUSE Security Update : cron (cron-2026)\");\n script_summary(english:\"Check for the cron-2026 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of cron fixes a race condition in crontab that can be used\nto change the time-stamp of arbitrary files while editing the crontab\nentry. 
CVE-2010-0424: CVSS v2 Base Score: 3.6 Additionally the return\nvalue of initgroups() is verified now.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=580800\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cron package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cron\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"cron-4.1-172.2\") ) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cron\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-01T02:26:49", "bulletinFamily": "scanner", "description": " - Bug #565809 - CVE-2010-0424 vixie-cron, cronie: Race\n condition by setting timestamp of user's crontab file,\n when editing the file", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2010-3642.NASL", "href": "https://www.tenable.com/plugins/nessus/47323", "published": "2010-07-01T00:00:00", "title": "Fedora 13 : cronie-1.4.4-1.fc13 (2010-3642)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-3642.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47323);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/08/02 13:32:32\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"FEDORA\", value:\"2010-3642\");\n\n script_name(english:\"Fedora 13 : cronie-1.4.4-1.fc13 (2010-3642)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Bug #565809 - CVE-2010-0424 vixie-cron, cronie: Race\n condition by setting timestamp of user's crontab file,\n when editing the file\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565809\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/036474.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d8e09af9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cronie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cronie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"cronie-1.4.4-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cronie\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-01T02:26:48", "bulletinFamily": "scanner", "description": "CVE-2010-0424 vixie-cron, cronie: Race condition by setting timestamp\nof user's crontab file, when editing the file.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2010-2751.NASL", "href": "https://www.tenable.com/plugins/nessus/47294", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : cronie-1.4.3-4.fc12 (2010-2751)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-2751.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47294);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:32\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_xref(name:\"FEDORA\", value:\"2010-2751\");\n\n script_name(english:\"Fedora 12 : cronie-1.4.3-4.fc12 (2010-2751)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2010-0424 vixie-cron, cronie: Race condition by setting timestamp\nof user's crontab file, when editing the file .\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=565809\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035762.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a138d422\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected cronie package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:cronie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"cronie-1.4.3-4.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cronie\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-01T03:20:35", "bulletinFamily": "scanner", "description": "An updated vixie-cron package that fixes one security issue, several\nbugs, and adds one enhancement is now available for Red Hat 
Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe vixie-cron package contains the Vixie version of cron. Cron is a\nstandard UNIX daemon that runs specified programs at scheduled times.\nThe vixie-cron package adds improved security and more powerful\nconfiguration options to the standard version of cron.\n\nA race condition was found in the way the crontab program performed\nfile time stamp updates on a temporary file created when editing a\nuser crontab file. A local attacker could use this flaw to change the\nmodification time of arbitrary system files via a symbolic link\nattack. (CVE-2010-0424)\n\nRed Hat would like to thank Dan Rosenberg for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Cron jobs of users with home directories mounted on a Lightweight\nDirectory Access Protocol (LDAP) server or Network File System (NFS)\nwere often refused because jobs were marked as orphaned (typically due\nto a temporary NSS lookup failure, when NIS and LDAP servers were\nunreachable). With this update, a database of orphans is created, and\ncron jobs are performed as expected. (BZ#455664)\n\n* Previously, cron did not log any errors if a cron job file located\nin the /etc/cron.d/ directory contained invalid entries. An upstream\npatch has been applied to address this problem and invalid entries in\nthe cron job files now produce warning messages. 
(BZ#460070)\n\n* Previously, the ", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2012-0304.NASL", "href": "https://www.tenable.com/plugins/nessus/58058", "published": "2012-02-21T00:00:00", "title": "RHEL 5 : vixie-cron (RHSA-2012:0304)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0304. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58058);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:35\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"RHSA\", value:\"2012:0304\");\n\n script_name(english:\"RHEL 5 : vixie-cron (RHSA-2012:0304)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated vixie-cron package that fixes one security issue, several\nbugs, and adds one enhancement is now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe vixie-cron package contains the Vixie version of cron. Cron is a\nstandard UNIX daemon that runs specified programs at scheduled times.\nThe vixie-cron package adds improved security and more powerful\nconfiguration options to the standard version of cron.\n\nA race condition was found in the way the crontab program performed\nfile time stamp updates on a temporary file created when editing a\nuser crontab file. 
A local attacker could use this flaw to change the\nmodification time of arbitrary system files via a symbolic link\nattack. (CVE-2010-0424)\n\nRed Hat would like to thank Dan Rosenberg for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Cron jobs of users with home directories mounted on a Lightweight\nDirectory Access Protocol (LDAP) server or Network File System (NFS)\nwere often refused because jobs were marked as orphaned (typically due\nto a temporary NSS lookup failure, when NIS and LDAP servers were\nunreachable). With this update, a database of orphans is created, and\ncron jobs are performed as expected. (BZ#455664)\n\n* Previously, cron did not log any errors if a cron job file located\nin the /etc/cron.d/ directory contained invalid entries. An upstream\npatch has been applied to address this problem and invalid entries in\nthe cron job files now produce warning messages. (BZ#460070)\n\n* Previously, the '@reboot' crontab macro incorrectly ran jobs when\nthe crond daemon was restarted. If the user used the macro on multiple\nmachines, all entries with the '@reboot' option were executed every\ntime the crond daemon was restarted. With this update, jobs are\nexecuted only when the machine is rebooted. (BZ#476972)\n\n* The crontab utility is now compiled as a position-independent\nexecutable (PIE), which enhances the security of the system.\n(BZ#480930)\n\n* When the parent crond daemon was stopped, but a child crond daemon\nwas running (executing a program), the 'service crond status' command\nincorrectly reported that crond was running. The source code has been\nmodified, and the 'service crond status' command now correctly reports\nthat crond is stopped. 
(BZ#529632)\n\n* According to the pam(8) manual page, the cron daemon, crond,\nsupports access control with PAM (Pluggable Authentication Module).\nHowever, the PAM configuration file for crond did not export\nenvironment variables correctly and, consequently, setting PAM\nvariables via cron did not work. This update includes a corrected\n/etc/pam.d/crond file that exports environment variables correctly.\nSetting pam variables via cron now works as documented in the pam(8)\nmanual page. (BZ#541189)\n\n* Previously, the mcstransd daemon modified labels for the crond\ndaemon. When the crond daemon attempted to use the modified label and\nmcstransd was not running, crond used an incorrect label.\nConsequently, Security-Enhanced Linux (SELinux) denials filled up the\ncron log, no jobs were executed, and crond had to be restarted. With\nthis update, both mcstransd and crond use raw SELinux labels, which\nprevents the problem. (BZ#625016)\n\n* Previously, the crontab(1) and cron(8) manual pages contained\nmultiple typographical errors. This update fixes those errors.\n(BZ#699620, BZ#699621)\n\nIn addition, this update adds the following enhancement :\n\n* Previously, the crontab utility did not use the Pluggable\nAuthentication Module (PAM) for verification of users. As a\nconsequence, a user could access crontab even if access had been\nrestricted (usually by being denied in the access.conf file). With\nthis update, crontab returns an error message that the user is not\nallowed to access crontab because of PAM configuration. 
(BZ#249512)\n\nAll vixie-cron users should upgrade to this updated package, which\nresolves these issues and adds this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-0424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0304\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected vixie-cron and / or vixie-cron-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vixie-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:vixie-cron-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0304\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vixie-cron-4.1-81.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vixie-cron-4.1-81.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vixie-cron-4.1-81.el5\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"vixie-cron-debuginfo-4.1-81.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"vixie-cron-debuginfo-4.1-81.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"vixie-cron-debuginfo-4.1-81.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vixie-cron / vixie-cron-debuginfo\");\n }\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-03T12:29:44", "bulletinFamily": "scanner", "description": "This update of cron fixes a race condition in crontab that can be used\nto change the time-stamp of arbitrary files while editing the crontab\nentry.\n\n - CVSS v2 Base Score: 3.6 Additionally the return value of\n initgroups() is verified now. 
(CVE-2010-0424)", "modified": "2019-11-02T00:00:00", "id": "SUSE_CRON-6865.NASL", "href": "https://www.tenable.com/plugins/nessus/49841", "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : cron (ZYPP Patch Number 6865)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(49841);\n script_version (\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:40\");\n\n script_cve_id(\"CVE-2010-0424\");\n\n script_name(english:\"SuSE 10 Security Update : cron (ZYPP Patch Number 6865)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of cron fixes a race condition in crontab that can be used\nto change the time-stamp of arbitrary files while editing the crontab\nentry.\n\n - CVSS v2 Base Score: 3.6 Additionally the return value of\n initgroups() is verified now. 
(CVE-2010-0424)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-0424.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6865.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"cron-4.1-45.31.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"cron-4.1-45.31.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse exit(0, \"The host is 
not affected.\");\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-03T12:17:32", "bulletinFamily": "scanner", "description": "This update of cron fixes a race condition in crontab that can be used\nto change the time-stamp of arbitrary files while editing the crontab\nentry. CVE-2010-0424: CVSS v2 Base Score: 3.6. Additionally, the return\nvalue of initgroups() is verified now.", "modified": "2019-11-02T00:00:00", "id": "SUSE_11_2_CRON-100219.NASL", "href": "https://www.tenable.com/plugins/nessus/45101", "published": "2010-03-19T00:00:00", "title": "openSUSE Security Update : cron (cron-2026)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update cron-2026.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45101);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2010-0424\");\n\n script_name(english:\"openSUSE Security Update : cron (cron-2026)\");\n script_summary(english:\"Check for the cron-2026 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of cron fixes a race condition in crontab that can be used\nto change the time-stamp of arbitrary files while editing the crontab\nentry. 
CVE-2010-0424: CVSS v2 Base Score: 3.6 Additionally the return\nvalue of initgroups() is verified now.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=580800\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected cron package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cron\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"cron-4.1-195.197.1\") ) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cron\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-03T12:12:56", "bulletinFamily": "scanner", "description": "The vixie-cron package contains the Vixie version of cron. Cron is a\nstandard UNIX daemon that runs specified programs at scheduled times.\nThe vixie-cron package adds improved security and more powerful\nconfiguration options to the standard version of cron.\n\nA race condition was found in the way the crontab program performed\nfile time stamp updates on a temporary file created when editing a\nuser crontab file. A local attacker could use this flaw to change the\nmodification time of arbitrary system files via a symbolic link\nattack. (CVE-2010-0424)\n\nThis update also fixes the following bugs :\n\n - Cron jobs of users with home directories mounted on a\n Lightweight Directory Access Protocol (LDAP) server or\n Network File System (NFS) were often refused because\n jobs were marked as orphaned (typically due to a\n temporary NSS lookup failure, when NIS and LDAP servers\n were unreachable). With this update, a database of\n orphans is created, and cron jobs are performed as\n expected.\n\n - Previously, cron did not log any errors if a cron job\n file located in the /etc/cron.d/ directory contained\n invalid entries. 
An upstream patch has been applied to\n address this problem and invalid entries in the cron job\n files now produce warning messages.\n\n - Previously, the ", "modified": "2019-11-02T00:00:00", "id": "SL_20120221_VIXIE_CRON_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61273", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : vixie-cron on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61273);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/07/11 12:05:37\");\n\n script_cve_id(\"CVE-2010-0424\");\n\n script_name(english:\"Scientific Linux Security Update : vixie-cron on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The vixie-cron package contains the Vixie version of cron. Cron is a\nstandard UNIX daemon that runs specified programs at scheduled times.\nThe vixie-cron package adds improved security and more powerful\nconfiguration options to the standard version of cron.\n\nA race condition was found in the way the crontab program performed\nfile time stamp updates on a temporary file created when editing a\nuser crontab file. A local attacker could use this flaw to change the\nmodification time of arbitrary system files via a symbolic link\nattack. 
(CVE-2010-0424)\n\nThis update also fixes the following bugs :\n\n - Cron jobs of users with home directories mounted on a\n Lightweight Directory Access Protocol (LDAP) server or\n Network File System (NFS) were often refused because\n jobs were marked as orphaned (typically due to a\n temporary NSS lookup failure, when NIS and LDAP servers\n were unreachable). With this update, a database of\n orphans is created, and cron jobs are performed as\n expected.\n\n - Previously, cron did not log any errors if a cron job\n file located in the /etc/cron.d/ directory contained\n invalid entries. An upstream patch has been applied to\n address this problem and invalid entries in the cron job\n files now produce warning messages.\n\n - Previously, the '@reboot' crontab macro incorrectly ran\n jobs when the crond daemon was restarted. If the user\n used the macro on multiple machines, all entries with\n the '@reboot' option were executed every time the crond\n daemon was restarted. With this update, jobs are\n executed only when the machine is rebooted.\n\n - The crontab utility is now compiled as a\n position-independent executable (PIE), which enhances\n the security of the system.\n\n - When the parent crond daemon was stopped, but a child\n crond daemon was running (executing a program), the\n 'service crond status' command incorrectly reported that\n crond was running. The source code has been modified,\n and the 'service crond status' command now correctly\n reports that crond is stopped.\n\n - According to the pam(8) manual page, the cron daemon,\n crond, supports access control with PAM (Pluggable\n Authentication Module). However, the PAM configuration\n file for crond did not export environment variables\n correctly and, consequently, setting PAM variables via\n cron did not work. This update includes a corrected\n /etc/pam.d/crond file that exports environment variables\n correctly. 
Setting pam variables via cron now works as\n documented in the pam(8) manual page.\n\n - Previously, the mcstransd daemon modified labels for the\n crond daemon. When the crond daemon attempted to use the\n modified label and mcstransd was not running, crond used\n an incorrect label. Consequently, Security-Enhanced\n Linux (SELinux) denials filled up the cron log, no jobs\n were executed, and crond had to be restarted. With this\n update, both mcstransd and crond use raw SELinux labels,\n which prevents the problem.\n\n - Previously, the crontab(1) and cron(8) manual pages\n contained multiple typographical errors. This update\n fixes those errors.\n\nIn addition, this update adds the following enhancement :\n\n - Previously, the crontab utility did not use the\n Pluggable Authentication Module (PAM) for verification\n of users. As a consequence, a user could access crontab\n even if access had been restricted (usually by being\n denied in the access.conf file). With this update,\n crontab returns an error message that the user is not\n allowed to access crontab because of PAM configuration.\n\nAll vixie-cron users should upgrade to this updated package, which\nresolves these issues and adds this enhancement.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=2788\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c64f48eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected vixie-cron and / or vixie-cron-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"vixie-cron-4.1-81.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"vixie-cron-debuginfo-4.1-81.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-01T03:14:22", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2012:0304 :\n\nAn updated vixie-cron package that fixes one security issue, several\nbugs, and adds one enhancement is now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having 
low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe vixie-cron package contains the Vixie version of cron. Cron is a\nstandard UNIX daemon that runs specified programs at scheduled times.\nThe vixie-cron package adds improved security and more powerful\nconfiguration options to the standard version of cron.\n\nA race condition was found in the way the crontab program performed\nfile time stamp updates on a temporary file created when editing a\nuser crontab file. A local attacker could use this flaw to change the\nmodification time of arbitrary system files via a symbolic link\nattack. (CVE-2010-0424)\n\nRed Hat would like to thank Dan Rosenberg for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Cron jobs of users with home directories mounted on a Lightweight\nDirectory Access Protocol (LDAP) server or Network File System (NFS)\nwere often refused because jobs were marked as orphaned (typically due\nto a temporary NSS lookup failure, when NIS and LDAP servers were\nunreachable). With this update, a database of orphans is created, and\ncron jobs are performed as expected. (BZ#455664)\n\n* Previously, cron did not log any errors if a cron job file located\nin the /etc/cron.d/ directory contained invalid entries. An upstream\npatch has been applied to address this problem and invalid entries in\nthe cron job files now produce warning messages. 
(BZ#460070)\n\n* Previously, the ", "modified": "2019-11-02T00:00:00", "id": "ORACLELINUX_ELSA-2012-0304.NASL", "href": "https://www.tenable.com/plugins/nessus/68475", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : vixie-cron (ELSA-2012-0304)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0304 and \n# Oracle Linux Security Advisory ELSA-2012-0304 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68475);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/30 10:58:17\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"RHSA\", value:\"2012:0304\");\n\n script_name(english:\"Oracle Linux 5 : vixie-cron (ELSA-2012-0304)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0304 :\n\nAn updated vixie-cron package that fixes one security issue, several\nbugs, and adds one enhancement is now available for Red Hat Enterprise\nLinux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe vixie-cron package contains the Vixie version of cron. 
Cron is a\nstandard UNIX daemon that runs specified programs at scheduled times.\nThe vixie-cron package adds improved security and more powerful\nconfiguration options to the standard version of cron.\n\nA race condition was found in the way the crontab program performed\nfile time stamp updates on a temporary file created when editing a\nuser crontab file. A local attacker could use this flaw to change the\nmodification time of arbitrary system files via a symbolic link\nattack. (CVE-2010-0424)\n\nRed Hat would like to thank Dan Rosenberg for reporting this issue.\n\nThis update also fixes the following bugs :\n\n* Cron jobs of users with home directories mounted on a Lightweight\nDirectory Access Protocol (LDAP) server or Network File System (NFS)\nwere often refused because jobs were marked as orphaned (typically due\nto a temporary NSS lookup failure, when NIS and LDAP servers were\nunreachable). With this update, a database of orphans is created, and\ncron jobs are performed as expected. (BZ#455664)\n\n* Previously, cron did not log any errors if a cron job file located\nin the /etc/cron.d/ directory contained invalid entries. An upstream\npatch has been applied to address this problem and invalid entries in\nthe cron job files now produce warning messages. (BZ#460070)\n\n* Previously, the '@reboot' crontab macro incorrectly ran jobs when\nthe crond daemon was restarted. If the user used the macro on multiple\nmachines, all entries with the '@reboot' option were executed every\ntime the crond daemon was restarted. With this update, jobs are\nexecuted only when the machine is rebooted. (BZ#476972)\n\n* The crontab utility is now compiled as a position-independent\nexecutable (PIE), which enhances the security of the system.\n(BZ#480930)\n\n* When the parent crond daemon was stopped, but a child crond daemon\nwas running (executing a program), the 'service crond status' command\nincorrectly reported that crond was running. 
The source code has been\nmodified, and the 'service crond status' command now correctly reports\nthat crond is stopped. (BZ#529632)\n\n* According to the pam(8) manual page, the cron daemon, crond,\nsupports access control with PAM (Pluggable Authentication Module).\nHowever, the PAM configuration file for crond did not export\nenvironment variables correctly and, consequently, setting PAM\nvariables via cron did not work. This update includes a corrected\n/etc/pam.d/crond file that exports environment variables correctly.\nSetting pam variables via cron now works as documented in the pam(8)\nmanual page. (BZ#541189)\n\n* Previously, the mcstransd daemon modified labels for the crond\ndaemon. When the crond daemon attempted to use the modified label and\nmcstransd was not running, crond used an incorrect label.\nConsequently, Security-Enhanced Linux (SELinux) denials filled up the\ncron log, no jobs were executed, and crond had to be restarted. With\nthis update, both mcstransd and crond use raw SELinux labels, which\nprevents the problem. (BZ#625016)\n\n* Previously, the crontab(1) and cron(8) manual pages contained\nmultiple typographical errors. This update fixes those errors.\n(BZ#699620, BZ#699621)\n\nIn addition, this update adds the following enhancement :\n\n* Previously, the crontab utility did not use the Pluggable\nAuthentication Module (PAM) for verification of users. As a\nconsequence, a user could access crontab even if access had been\nrestricted (usually by being denied in the access.conf file). With\nthis update, crontab returns an error message that the user is not\nallowed to access crontab because of PAM configuration. 
(BZ#249512)\n\nAll vixie-cron users should upgrade to this updated package, which\nresolves these issues and adds this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002655.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected vixie-cron package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:vixie-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"vixie-cron-4.1-81.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"vixie-cron\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-11-01T02:40:30", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201311-04\n(Vixie cron: 
Denial of Service)\n\n Vixie cron contains a race condition relating to atime and mtime values\n of temporary files.\n \nImpact :\n\n A local attacker could change the modification time of files, possibly\n resulting in a Denial of Service condition via a symlink attack.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201311-04.NASL", "href": "https://www.tenable.com/plugins/nessus/70779", "published": "2013-11-07T00:00:00", "title": "GLSA-201311-04 : Vixie cron: Denial of Service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201311-04.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70779);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/12 19:01:15\");\n\n script_cve_id(\"CVE-2010-0424\");\n script_bugtraq_id(38391);\n script_xref(name:\"GLSA\", value:\"201311-04\");\n\n script_name(english:\"GLSA-201311-04 : Vixie cron: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201311-04\n(Vixie cron: Denial of Service)\n\n Vixie cron contains a race condition relating to atime and mtime values\n of temporary files.\n \nImpact :\n\n A local attacker could change the modification time of files, possibly\n resulting in a Denial of Service condition via a symlink attack.\n \nWorkaround :\n\n There is 
no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201311-04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Vixie cron users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-process/vixie-cron-4.1-r14'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:vixie-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-process/vixie-cron\", unaffected:make_list(\"ge 4.1-r14\"), vulnerable:make_list(\"lt 4.1-r14\"))) flag++;\n\nif 
(flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Vixie cron\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:26", "bulletinFamily": "unix", "description": "### Background\n\nPaul Vixie\u2019s cron daemon, a fully featured crond implementation.\n\n### Description\n\nVixie cron contains a race condition relating to atime and mtime values of temporary files. \n\n### Impact\n\nA local attacker could change the modification time of files, possibly resulting in a Denial of Service condition via a symlink attack. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Vixie cron users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-process/vixie-cron-4.1-r14\"", "modified": "2013-11-07T00:00:00", "published": "2013-11-07T00:00:00", "id": "GLSA-201311-04", "href": "https://security.gentoo.org/glsa/201311-04", "type": "gentoo", "title": "Vixie cron: Denial of Service", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:38", "bulletinFamily": "unix", "description": "The vixie-cron package contains the Vixie version of cron. Cron is a\nstandard UNIX daemon that runs specified programs at scheduled times. The\nvixie-cron package adds improved security and more powerful configuration\noptions to the standard version of cron.\n\nA race condition was found in the way the crontab program performed file\ntime stamp updates on a temporary file created when editing a user crontab\nfile. A local attacker could use this flaw to change the modification time\nof arbitrary system files via a symbolic link attack. 
(CVE-2010-0424)\n\nRed Hat would like to thank Dan Rosenberg for reporting this issue.\n\nThis update also fixes the following bugs:\n\n* Cron jobs of users with home directories mounted on a Lightweight\nDirectory Access Protocol (LDAP) server or Network File System (NFS) were\noften refused because jobs were marked as orphaned (typically due to a\ntemporary NSS lookup failure, when NIS and LDAP servers were unreachable).\nWith this update, a database of orphans is created, and cron jobs are\nperformed as expected. (BZ#455664)\n\n* Previously, cron did not log any errors if a cron job file located in the\n/etc/cron.d/ directory contained invalid entries. An upstream patch has\nbeen applied to address this problem and invalid entries in the cron job\nfiles now produce warning messages. (BZ#460070)\n\n* Previously, the \"@reboot\" crontab macro incorrectly ran jobs when the\ncrond daemon was restarted. If the user used the macro on multiple\nmachines, all entries with the \"@reboot\" option were executed every time\nthe crond daemon was restarted. With this update, jobs are executed only\nwhen the machine is rebooted. (BZ#476972)\n\n* The crontab utility is now compiled as a position-independent executable\n(PIE), which enhances the security of the system. (BZ#480930)\n\n* When the parent crond daemon was stopped, but a child crond daemon was\nrunning (executing a program), the \"service crond status\" command\nincorrectly reported that crond was running. The source code has been\nmodified, and the \"service crond status\" command now correctly reports that\ncrond is stopped. (BZ#529632)\n\n* According to the pam(8) manual page, the cron daemon, crond, supports\naccess control with PAM (Pluggable Authentication Module). However, the PAM\nconfiguration file for crond did not export environment variables correctly\nand, consequently, setting PAM variables via cron did not work. 
This update\nincludes a corrected /etc/pam.d/crond file that exports environment\nvariables correctly. Setting pam variables via cron now works as documented\nin the pam(8) manual page. (BZ#541189)\n\n* Previously, the mcstransd daemon modified labels for the crond daemon.\nWhen the crond daemon attempted to use the modified label and mcstransd was\nnot running, crond used an incorrect label. Consequently, Security-Enhanced\nLinux (SELinux) denials filled up the cron log, no jobs were executed, and\ncrond had to be restarted. With this update, both mcstransd and crond use\nraw SELinux labels, which prevents the problem. (BZ#625016)\n\n* Previously, the crontab(1) and cron(8) manual pages contained multiple\ntypographical errors. This update fixes those errors. (BZ#699620,\nBZ#699621)\n\nIn addition, this update adds the following enhancement:\n\n* Previously, the crontab utility did not use the Pluggable Authentication\nModule (PAM) for verification of users. As a consequence, a user could\naccess crontab even if access had been restricted (usually by being denied\nin the access.conf file). With this update, crontab returns an error\nmessage that the user is not allowed to access crontab because of PAM\nconfiguration. (BZ#249512)\n\nAll vixie-cron users should upgrade to this updated package, which resolves\nthese issues and adds this enhancement.\n", "modified": "2017-09-08T12:12:18", "published": "2012-02-21T05:00:00", "id": "RHSA-2012:0304", "href": "https://access.redhat.com/errata/RHSA-2012:0304", "type": "redhat", "title": "(RHSA-2012:0304) Low: vixie-cron security, bug fix, and enhancement update", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. 
The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.\nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. 
A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Documentation of\nthese changes will be available shortly in the Technical Notes document:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2019-03-22T23:44:11", "published": "2012-02-21T05:00:00", "id": "RHSA-2012:0168", "href": "https://access.redhat.com/errata/RHSA-2012:0168", "type": "redhat", "title": "(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}