Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.SUSE_SA_2006_027.NASL
HistoryJun 01, 2006 - 12:00 a.m.

SUSE-SA:2006:027: cron

2006-06-0100:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
7
JSON

The remote host is missing the patch for the advisory SUSE-SA:2006:027 (cron).

Vixie Cron is the default CRON daemon in all SUSE Linux based distributions.

The code in do_command.c in Vixie cron does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

This problem is known to affect only distributions with Linux 2.6 kernels, but the package was updated for all distributions for completeness.

This problem is tracked by the Mitre CVE ID CVE-2006-2607.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2006:027
#


if ( ! defined_func("bn_random") ) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if(description)
{
 script_id(21623);
 script_version("1.9");
 
 name["english"] = "SUSE-SA:2006:027: cron";
 
 script_name(english:name["english"]);
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2006:027 (cron).


Vixie Cron is the default CRON daemon in all SUSE Linux based
distributions.

The code in do_command.c in Vixie cron does not check the return code
of a setuid call, which might allow local users to gain root privileges
if setuid fails in cases such as PAM failures or resource limits.

This problem is known to affect only distributions with Linux 2.6
kernels, but the package was updated for all distributions for
completeness.

This problem is tracked by the Mitre CVE ID CVE-2006-2607." );
 script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/advisories/2006-05-32.html" );
 script_set_attribute(attribute:"risk_factor", value:"High" );



 script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/01");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
 script_end_attributes();

 
 summary["english"] = "Check for the version of the cron package";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);
 
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");
if ( rpm_check( reference:"cron-4.1-26.2", release:"SUSE10.0") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"cron-3.0.1-920.12", release:"SUSE9.1") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"cron-4.1-14.2", release:"SUSE9.2") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"cron-4.1-20.2", release:"SUSE9.3") )
{
 security_hole(0);
 exit(0);
}

Related

nessus 5
centos 1
gentoo 1
suse 1
ubuntucve 1
cve 1
debiancve 1
myhack58 1
redhat 1
openvas 4
prion 1
ubuntu 1
nessus
nessus
GLSA-200606-07 : Vixie Cron: Privilege Escalation
2006-06-11 00:00:00
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cron vulnerability (USN-778-1)
2009-06-02 00:00:00
openSUSE 10 Security Update : cron (cron-1440)
2007-10-17 00:00:00
centos
centos
vixie security update
2006-07-12 18:56:16
gentoo
gentoo
Vixie Cron: Privilege Escalation
2006-06-09 00:00:00
suse
suse
local privilege escalation in cron
2006-05-31 13:32:34
ubuntucve
ubuntucve
CVE-2006-2607
2006-05-25 00:00:00
cve
cve
CVE-2006-2607
2006-05-25 20:02:00
debiancve
debiancve
CVE-2006-2607
2006-05-25 20:02:00
myhack58
myhack58
Setuid() - nproc limit the type of vulnerability of in-depth analysis-vulnerability warning-the black bar safety net
2006-08-04 00:00:00
redhat
redhat
(RHSA-2006:0539) vixie-cron security update
2006-07-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200606-07 (vixie-cron)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-778-1)
2009-06-05 00:00:00
Gentoo Security Advisory GLSA 200606-07 (vixie-cron)
2008-09-24 00:00:00
prion
prion
Deserialization of untrusted data
2006-05-25 20:02:00
ubuntu
ubuntu
cron vulnerability
2009-06-01 00:00:00
JSON
Related for SUSE_SA_2006_027.NASL
nessus5centos1gentoo1suse1ubuntucve1cve1debiancve1myhack581redhat1openvas4prion1ubuntu1