This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated vixie-cron package that fixes various bugs and a security
issue is now available.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
A bug was found in the way vixie-cron installs new crontab files. It
is possible for a local attacker to execute the crontab command in
such a way that they can view the contents of another user's crontab
file. The Common Vulnerabilities and Exposures project assigned the
name CVE-2005-1038 to this issue.
Additionally, this update addresses the following issues :
o Fixed improper limits on filename and command line lengths o
Improved PAM access control conforming to EAL certification
requirements o Improved reliability when running in a chroot
environment o Mail recipient name checking disabled by default, can be
re-enabled o Added '-p' 'permit all crontabs' option to disable
crontab mode checking
All users of vixie-cron should upgrade to this updated package, which
contains backported patches and is not vulnerable to these issues.
See also :
Update the affected vixie-cron package.
Risk factor :
Low / CVSS Base Score : 2.1
CVSS Temporal Score : 1.8
Public Exploit Available : true
Family: Red Hat Local Security Checks
Nessus Plugin ID: 19987 ()
Bugtraq ID: 13024
CVE ID: CVE-2005-1038
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.