Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20070517_VIXIE_CRON_ON_SL5_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : vixie-cron on SL5.x, SL4.x, SL3.x i386/x86_64
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.058 Low
EPSS
Percentile
93.4%
Raphael Marichez discovered a denial of service bug in the way vixie-cron verifies crontab file integrity. A local user with the ability to create a hardlink to /etc/crontab can prevent vixie-cron from executing certain system cron jobs. (CVE-2007-1856)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(60186);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-1856");
script_name(english:"Scientific Linux Security Update : vixie-cron on SL5.x, SL4.x, SL3.x i386/x86_64");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Scientific Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Raphael Marichez discovered a denial of service bug in the way
vixie-cron verifies crontab file integrity. A local user with the
ability to create a hardlink to /etc/crontab can prevent vixie-cron
from executing certain system cron jobs. (CVE-2007-1856)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind0705&L=scientific-linux-errata&T=0&P=2525
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?512042ec"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected vixie-cron package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2007/05/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL3", reference:"vixie-cron-4.1-19.EL3")) flag++;
if (rpm_check(release:"SL4", reference:"vixie-cron-4.1-47.EL4")) flag++;
if (rpm_check(release:"SL5", reference:"vixie-cron-4.1-70.el5")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
nessus
nessus
CentOS 3 / 4 / 5 : vixie-cron (CESA-2007:0345)
2007-05-20 00:00:00
RHEL 3 / 4 / 5 : vixie-cron (RHSA-2007:0345)
2007-05-20 00:00:00
Mandrake Linux Security Advisory : vixie-cron (MDKSA-2007:234)
2007-12-04 00:00:00
centos
centos
vixie security update
2007-05-17 16:28:05
openvas
openvas
Gentoo Security Advisory GLSA 200704-11 (vixie-cron)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200704-11 (vixie-cron)
2008-09-24 00:00:00
Oracle: Security Advisory (ELSA-2007-0345)
2015-10-08 00:00:00
debiancve
debiancve
CVE-2007-1856
2007-04-18 03:19:00
ubuntucve
ubuntucve
CVE-2007-1856
2007-04-18 00:00:00
securityvulns
securityvulns
[ GLSA 200704-11 ] Vixie Cron: Denial of Service
2007-04-17 00:00:00
Gentoo Linux Vixie cron denial of service
2007-04-17 00:00:00
prion
prion
Design/Logic Flaw
2007-04-18 03:19:00
cvelist
cvelist
CVE-2007-1856
2007-04-18 02:20:00
oraclelinux
oraclelinux
Moderate: vixie-cron security update
2007-05-17 00:00:00
gentoo
gentoo
Vixie Cron: Denial of service
2007-04-16 00:00:00
nvd
nvd
CVE-2007-1856
2007-04-18 03:19:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:15:50
redhat
redhat
(RHSA-2007:0345) Moderate: vixie-cron security update
2007-05-17 00:00:00
cve
cve
CVE-2007-1856
2007-04-18 03:19:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.058 Low
EPSS
Percentile
93.4%
Related for SL_20070517_VIXIE_CRON_ON_SL5_X.NASL